diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml index 9cab3c5c..298ec558 100644 --- a/.github/actionlint.yaml +++ b/.github/actionlint.yaml @@ -1,12 +1,18 @@ -# Configuration related to self-hosted runners. +# Avoid warnings about unrecognized runner types. self-hosted-runner: - # Labels of self-hosted runner in array of strings. labels: - linux-amd64-* - linux-arm64-* -# Configuration variables in array of strings defined in your repository or organization. +# Avoid warnings about referencing things in ${{ vars.* }} statements. config-variables: - AWS_REGION - AWS_ROLE_ARN - TELEMETRY_ENABLED + +paths: + .github/workflows/conda-python-tests.yaml: + ignore: + # ${{ secrets.CODECOV_TOKEN }} is valid if a secret like that exists in the calling repo, + # and we're confident that it's there in our repos, so this error can be silenced + - 'property "codecov_token" is not defined in object type' diff --git a/.github/workflows/conda-cpp-build.yaml b/.github/workflows/conda-cpp-build.yaml index f6ba18d4..5a925ce3 100644 --- a/.github/workflows/conda-cpp-build.yaml +++ b/.github/workflows/conda-cpp-build.yaml @@ -195,7 +195,7 @@ jobs: GH_TOKEN: ${{ inputs.alternative-gh-token-secret-name && secrets[inputs.alternative-gh-token-secret-name] || github.token }} # zizmor: ignore[overprovisioned-secrets] - name: C++ build run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: INPUTS_SCRIPT: "${{ inputs.script }}" diff --git a/.github/workflows/conda-cpp-tests.yaml b/.github/workflows/conda-cpp-tests.yaml index 9de84d23..4202dab6 100644 --- a/.github/workflows/conda-cpp-tests.yaml +++ b/.github/workflows/conda-cpp-tests.yaml @@ -282,7 +282,6 @@ jobs: local val_str=$3 if test -n "${val_str}"; then if ! test -n "${key_str}"; then - local input_name echo "ERROR: '${input_prefix}-value' non-empty but '${input_prefix}-key' is empty. Set '${input_prefix}-key'." exit 1 fi @@ -294,7 +293,7 @@ jobs: set_env_var '3' '${{ secrets.script-env-secret-3-key }}' '${{ secrets.script-env-secret-3-value }}' - name: C++ tests run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: INPUTS_SCRIPT: "${{ inputs.script }}" diff --git a/.github/workflows/conda-python-build.yaml b/.github/workflows/conda-python-build.yaml index 2129b145..a487e544 100644 --- a/.github/workflows/conda-python-build.yaml +++ b/.github/workflows/conda-python-build.yaml @@ -220,7 +220,7 @@ jobs: - name: Python build id: python-build run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" # shellcheck disable=SC1090 source "${INPUTS_SCRIPT}" diff --git a/.github/workflows/conda-python-tests.yaml b/.github/workflows/conda-python-tests.yaml index 06f70c55..18524268 100644 --- a/.github/workflows/conda-python-tests.yaml +++ b/.github/workflows/conda-python-tests.yaml @@ -287,7 +287,6 @@ jobs: local val_str=$3 if test -n "${val_str}"; then if ! test -n "${key_str}"; then - local input_name echo "ERROR: '${input_prefix}-value' non-empty but '${input_prefix}-key' is empty. Set '${input_prefix}-key'." exit 1 fi @@ -299,7 +298,7 @@ jobs: set_env_var '3' '${{ secrets.script-env-secret-3-key }}' '${{ secrets.script-env-secret-3-value }}' - name: Python tests run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: INPUTS_SCRIPT: "${{ inputs.script }}" diff --git a/.github/workflows/custom-job.yaml b/.github/workflows/custom-job.yaml index d11e5c2a..1962c5cf 100644 --- a/.github/workflows/custom-job.yaml +++ b/.github/workflows/custom-job.yaml @@ -203,7 +203,7 @@ jobs: persist-credentials: false - name: Run script run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: # NEEDS alternative-gh-token-secret-name - may require a token with more permissions diff --git a/.github/workflows/wheels-build.yaml b/.github/workflows/wheels-build.yaml index cac07e60..74cdcbe7 100644 --- a/.github/workflows/wheels-build.yaml +++ b/.github/workflows/wheels-build.yaml @@ -268,7 +268,7 @@ jobs: - name: Build and repair the wheel id: build-wheel run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" # shellcheck disable=SC1090 source "${INPUTS_SCRIPT}" diff --git a/.github/workflows/wheels-test.yaml b/.github/workflows/wheels-test.yaml index ad84d6da..90e582d7 100644 --- a/.github/workflows/wheels-test.yaml +++ b/.github/workflows/wheels-test.yaml @@ -312,7 +312,6 @@ jobs: local val_str=$3 if test -n "${val_str}"; then if ! test -n "${key_str}"; then - local input_name echo "ERROR: '${input_prefix}-value' non-empty but '${input_prefix}-key' is empty. Set '${input_prefix}-key'." exit 1 fi @@ -324,7 +323,7 @@ jobs: set_env_var '3' '${{ secrets.script-env-secret-3-key }}' '${{ secrets.script-env-secret-3-value }}' - name: Run tests run: | - ulimit -n $(ulimit -Hn) + ulimit -n "$(ulimit -Hn)" $INPUTS_SCRIPT env: INPUTS_SCRIPT: "${{ inputs.script }}" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b210f81b..5fa41cd1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -26,10 +26,8 @@ repos: hooks: - id: verify-copyright - repo: https://github.com/zizmorcore/zizmor-pre-commit - # Zizmor version. rev: v1.20.0 hooks: - # Run the linter. - id: zizmor exclude: | (?x)^(