GHA: silence fresh zizmor 1.21.0 warnings

- MSYS2/Cygwin bash shells are now tagged "misfeature". It is not something we can fix. We need these shells, and using documented/necessary settings to use these environments should be allowed without workarounds. - untagged actions within curl's own organization are now also flagged as "action is not pinned to a hash (required by blanket policy)". This seems overkill. Making internal releases would not be helpful or practical. Also considering that the referred internal action uses an unpinned external action anyway (google/oss-fuzz/infra/cifuzz), with near-zero chance to fix. Ref: https://github.com/zizmorcore/zizmor/pull/1517#issuecomment-3759740853 Closes #20339
2026-01-18 17:21:26 +01:00 · 2026-01-16 13:13:27 +01:00
parent af274feabf
commit 9f120d2b50
2 changed files with 5 additions and 5 deletions
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -40,4 +40,4 @@ permissions: {}

 jobs:
  Fuzzing:
-    uses: curl/curl-fuzzer/.github/workflows/ci.yml@master
+    uses: curl/curl-fuzzer/.github/workflows/ci.yml@master  # zizmor: ignore[unpinned-uses]
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -42,7 +42,7 @@ jobs:
    timeout-minutes: 10
    defaults:
      run:
-        shell: D:\cygwin\bin\bash.exe '{0}'
+        shell: D:\cygwin\bin\bash.exe '{0}'  # zizmor: ignore[misfeature]
    env:
      MAKEFLAGS: -j 5
      SHELLOPTS: 'igncr'
@@ -184,7 +184,7 @@ jobs:
    timeout-minutes: ${{ contains(matrix.tflags, '-t') && 14 || 10 }}
    defaults:
      run:
-        shell: msys2 {0}
+        shell: msys2 {0}  # zizmor: ignore[misfeature]
    env:
      MAKEFLAGS: -j 5
      MATRIX_BUILD: '${{ matrix.build }}'
@@ -412,7 +412,7 @@ jobs:
    timeout-minutes: 10
    defaults:
      run:
-        shell: msys2 {0}
+        shell: msys2 {0}  # zizmor: ignore[misfeature]
    env:
      CURL_TEST_MIN: 1550
      MAKEFLAGS: -j 5
@@ -696,7 +696,7 @@ jobs:
    timeout-minutes: ${{ matrix.arch == 'arm64' && 12 || 10 }}
    defaults:
      run:
-        shell: msys2 {0}
+        shell: msys2 {0}  # zizmor: ignore[misfeature]
    env:
      MATRIX_ARCH: '${{ matrix.arch }}'
      MATRIX_IMAGE: '${{ matrix.image }}'