mirrors/syncstorage-rs
1
0
Fork 0
mirror of https://github.com/mozilla-services/syncstorage-rs.git synced 2026-05-05 12:16:21 +02:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

fix: apply zizmor autofixes (#2253)

Browse Source 
* fix: apply zizmor autofixes

* rmv lookup-only on cache restores

---------

Co-authored-by: Frida Kiriakos <fkiriakos@mozilla.com>
This commit is contained in:
Taddes 2026-04-28 23:06:58 +03:00 committed by GitHub
parent bb0a8dec79
commit 0794dd5488
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 58 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/actions/setup-build-and-push/action.yml vendored
View File

@ -31,7 +31,9 @@ runs:
"$GITHUB_SHA" "$GITHUB_REF_NAME" \
"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
"$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \
> ${{ inputs.version_json_path }}
> ${JSON_PATH}
env:
JSON_PATH: ${{ inputs.version_json_path }}
- name: Compute image tag
id: tag

6
.github/dependabot.yml vendored
View File

@ -58,6 +58,8 @@ updates:
- dependency-name: slog-scope
versions:
- 4.4.0
cooldown:
default-days: 7
- package-ecosystem: "pip" # Applies for poetry deps as well
directories:
@ -80,6 +82,8 @@ updates:
group-by: dependency-name
patterns:
- "*"
cooldown:
default-days: 7
- package-ecosystem: "github-actions"
directory: "/"
@ -93,3 +97,5 @@ updates:
actions-deps:
patterns:
- "*"
cooldown:
default-days: 7

16
.github/workflows/main-workflow.yml vendored
View File

@ -52,6 +52,7 @@ jobs:
~/.cache/pip
~/.cache/pypoetry/virtualenvs
key: ${{ runner.os }}-python-${{ hashFiles('pyproject.toml', 'poetry.lock') }}
lookup-only: true
- name: Install Poetry
run: pip3 install poetry
@ -77,10 +78,11 @@ jobs:
~/.rustup/toolchains
~/.rustup/update-hashes
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
lookup-only: true
- name: Install Rust toolchain
if: steps.cache-rust-toolchain.outputs.cache-hit != 'true'
run: rustup toolchain install ${{ env.RUST_VERSION }} --component rustfmt --component clippy --component llvm-tools-preview --no-self-update && rustup default ${{ env.RUST_VERSION }}
run: rustup toolchain install ${RUST_VERSION} --component rustfmt --component clippy --component llvm-tools-preview --no-self-update && rustup default ${RUST_VERSION}
- name: Display Rust Version Info
shell: bash
@ -150,7 +152,7 @@ jobs:
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
- name: Set Rust toolchain
run: rustup default ${{ env.RUST_VERSION }}
run: rustup default ${RUST_VERSION}
- name: Cache cargo-audit
id: cache-cargo-audit
@ -207,7 +209,7 @@ jobs:
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
- name: Set Rust toolchain
run: rustup default ${{ env.RUST_VERSION }}
run: rustup default ${RUST_VERSION}
- name: Rust Clippy ${{ matrix.target }}
run: make clippy_${{ matrix.target }}
@ -246,7 +248,7 @@ jobs:
${{ runner.os }}-cargo-release-${{ matrix.target }}-
- name: Set Rust toolchain
run: rustup default ${{ env.RUST_VERSION }}
run: rustup default ${RUST_VERSION}
- name: Rust Clippy release ${{ matrix.target }}
run: make clippy_release_${{ matrix.target }}
@ -296,7 +298,7 @@ jobs:
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
- name: Set Rust toolchain
run: rustup default ${{ env.RUST_VERSION }}
run: rustup default ${RUST_VERSION}
- name: Restore pip and Poetry virtualenv
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
@ -589,7 +591,7 @@ jobs:
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
- name: Set Rust toolchain
run: rustup default ${{ env.RUST_VERSION }}
run: rustup default ${RUST_VERSION}
- name: Restore pip and Poetry virtualenv
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
@ -878,7 +880,7 @@ jobs:
key: ${{ runner.os }}-rust-toolchain-${{ env.RUST_VERSION }}
- name: Set Rust toolchain
run: rustup default ${{ env.RUST_VERSION }}
run: rustup default ${RUST_VERSION}
- name: Restore pip and Poetry virtualenv
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5

59
.github/workflows/mozcloud-publish.yaml vendored
View File

@ -56,11 +56,11 @@ jobs:
- name: Compute tags
run: |
TAGS=$(cat <<EOF
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs:${{ steps.setup.outputs.image_tag }}
ghcr.io/${{ github.repository }}/syncstorage-rs:${{ steps.setup.outputs.image_tag }}
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs:${IMAGE_TAG}
ghcr.io/${{ github.repository }}/syncstorage-rs:${IMAGE_TAG}
EOF
)
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
if [[ "${PUSH_LATEST}" == "true" ]]; then
TAGS="$TAGS
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs:latest
ghcr.io/${{ github.repository }}/syncstorage-rs:latest"
@ -68,6 +68,9 @@ jobs:
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
echo "$TAGS" >> "$GITHUB_ENV"
echo "EOF" >> "$GITHUB_ENV"
env:
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
with:
@ -101,11 +104,11 @@ jobs:
- name: Compute tags
run: |
TAGS=$(cat <<EOF
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres:${{ steps.setup.outputs.image_tag }}
ghcr.io/${{ github.repository }}/syncserver-postgres:${{ steps.setup.outputs.image_tag }}
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres:${IMAGE_TAG}
ghcr.io/${{ github.repository }}/syncserver-postgres:${IMAGE_TAG}
EOF
)
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
if [[ "${PUSH_LATEST}" == "true" ]]; then
TAGS="$TAGS
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres:latest
ghcr.io/${{ github.repository }}/syncserver-postgres:latest"
@ -113,6 +116,9 @@ jobs:
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
echo "$TAGS" >> "$GITHUB_ENV"
echo "EOF" >> "$GITHUB_ENV"
env:
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
- name: Build and push to prod GAR and ghcr
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
@ -143,14 +149,17 @@ jobs:
- name: Compute enterprise tags
run: |
TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:${{ steps.setup.outputs.image_tag }}"
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:${IMAGE_TAG}"
if [[ "${PUSH_LATEST}" == "true" ]]; then
TAGS="$TAGS
us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:latest"
fi
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
echo "$TAGS" >> "$GITHUB_ENV"
echo "EOF" >> "$GITHUB_ENV"
env:
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
- name: Build and push to enterprise GAR
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
@ -188,11 +197,11 @@ jobs:
- name: Compute tags
run: |
TAGS=$(cat <<EOF
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs-spanner-python-utils:${{ steps.setup.outputs.image_tag }}
ghcr.io/${{ github.repository }}/syncstorage-rs-spanner-python-utils:${{ steps.setup.outputs.image_tag }}
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs-spanner-python-utils:${IMAGE_TAG}
ghcr.io/${{ github.repository }}/syncstorage-rs-spanner-python-utils:${IMAGE_TAG}
EOF
)
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
if [[ "${PUSH_LATEST}" == "true" ]]; then
TAGS="$TAGS
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs-spanner-python-utils:latest
ghcr.io/${{ github.repository }}/syncstorage-rs-spanner-python-utils:latest"
@ -200,6 +209,9 @@ jobs:
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
echo "$TAGS" >> "$GITHUB_ENV"
echo "EOF" >> "$GITHUB_ENV"
env:
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
with:
@ -232,11 +244,11 @@ jobs:
- name: Compute tags
run: |
TAGS=$(cat <<EOF
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres-python-utils:${{ steps.setup.outputs.image_tag }}
ghcr.io/${{ github.repository }}/syncserver-postgres-python-utils:${{ steps.setup.outputs.image_tag }}
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres-python-utils:${IMAGE_TAG}
ghcr.io/${{ github.repository }}/syncserver-postgres-python-utils:${IMAGE_TAG}
EOF
)
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
if [[ "${PUSH_LATEST}" == "true" ]]; then
TAGS="$TAGS
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres-python-utils:latest
ghcr.io/${{ github.repository }}/syncserver-postgres-python-utils:latest"
@ -244,6 +256,9 @@ jobs:
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
echo "$TAGS" >> "$GITHUB_ENV"
echo "EOF" >> "$GITHUB_ENV"
env:
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
- name: Build and push to prod GAR and ghcr
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
@ -272,14 +287,17 @@ jobs:
- name: Compute enterprise tags
run: |
TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:${{ steps.setup.outputs.image_tag }}"
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:${IMAGE_TAG}"
if [[ "${PUSH_LATEST}" == "true" ]]; then
TAGS="$TAGS
us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:latest"
fi
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
echo "$TAGS" >> "$GITHUB_ENV"
echo "EOF" >> "$GITHUB_ENV"
env:
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
- name: Build and push to enterprise GAR
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
@ -311,11 +329,11 @@ jobs:
- name: Compute tags
run: |
TAGS=$(cat <<EOF
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-mysql:${{ steps.setup.outputs.image_tag }}
ghcr.io/${{ github.repository }}/syncserver-mysql:${{ steps.setup.outputs.image_tag }}
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-mysql:${IMAGE_TAG}
ghcr.io/${{ github.repository }}/syncserver-mysql:${IMAGE_TAG}
EOF
)
if [[ "${{ steps.setup.outputs.push_latest }}" == "true" ]]; then
if [[ "${PUSH_LATEST}" == "true" ]]; then
TAGS="$TAGS
us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-mysql:latest
ghcr.io/${{ github.repository }}/syncserver-mysql:latest"
@ -323,6 +341,9 @@ jobs:
echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
echo "$TAGS" >> "$GITHUB_ENV"
echo "EOF" >> "$GITHUB_ENV"
env:
IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
with: