From 9f120d2b5061b3a9afc3cdb36238feb86d72c7bd Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Fri, 16 Jan 2026 13:13:27 +0100 Subject: [PATCH] GHA: silence fresh zizmor 1.21.0 warnings - MSYS2/Cygwin bash shells are now tagged "misfeature". It is not something we can fix. We need these shells, and using documented/necessary settings to use these environments should be allowed without workarounds. - untagged actions within curl's own organization are now also flagged as "action is not pinned to a hash (required by blanket policy)". This seems overkill. Making internal releases would not be helpful or practical. Also considering that the referred internal action uses an unpinned external action anyway (google/oss-fuzz/infra/cifuzz), with near-zero chance to fix. Ref: https://github.com/zizmorcore/zizmor/pull/1517#issuecomment-3759740853 Closes #20339 --- .github/workflows/fuzz.yml | 2 +- .github/workflows/windows.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 4283495253..45884515e8 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -40,4 +40,4 @@ permissions: {} jobs: Fuzzing: - uses: curl/curl-fuzzer/.github/workflows/ci.yml@master + uses: curl/curl-fuzzer/.github/workflows/ci.yml@master # zizmor: ignore[unpinned-uses] diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 8d12e2b27e..9c0764cd05 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -42,7 +42,7 @@ jobs: timeout-minutes: 10 defaults: run: - shell: D:\cygwin\bin\bash.exe '{0}' + shell: D:\cygwin\bin\bash.exe '{0}' # zizmor: ignore[misfeature] env: MAKEFLAGS: -j 5 SHELLOPTS: 'igncr' @@ -184,7 +184,7 @@ jobs: timeout-minutes: ${{ contains(matrix.tflags, '-t') && 14 || 10 }} defaults: run: - shell: msys2 {0} + shell: msys2 {0} # zizmor: ignore[misfeature] env: MAKEFLAGS: -j 5 MATRIX_BUILD: '${{ matrix.build }}' @@ -412,7 +412,7 @@ jobs: timeout-minutes: 10 defaults: run: - shell: msys2 {0} + shell: msys2 {0} # zizmor: ignore[misfeature] env: CURL_TEST_MIN: 1550 MAKEFLAGS: -j 5 @@ -696,7 +696,7 @@ jobs: timeout-minutes: ${{ matrix.arch == 'arm64' && 12 || 10 }} defaults: run: - shell: msys2 {0} + shell: msys2 {0} # zizmor: ignore[misfeature] env: MATRIX_ARCH: '${{ matrix.arch }}' MATRIX_IMAGE: '${{ matrix.image }}'