fix(ci): harden some workflows in cocoon#5106
Conversation
fixes flutter/flutter#189097 ``` ➜ /app /opt/zizmor --gh-token=$(gh auth token) .github/workflows INFO zizmor: 🌈 zizmor v1.25.2 INFO audit: zizmor: 🌈 completed .github/workflows/app_dart_tests.yaml INFO audit: zizmor: 🌈 completed .github/workflows/common_validation.yaml INFO audit: zizmor: 🌈 completed .github/workflows/dashboard_tests.yaml INFO audit: zizmor: 🌈 completed .github/workflows/packages_checks.yaml No findings to report. Good job! (13 suppressed) ➜ /app /opt/zizmor --gh-token=$(gh auth token) packages/wait_for_tests INFO zizmor: 🌈 zizmor v1.25.2 INFO audit: zizmor: 🌈 completed packages/wait_for_tests/action.yml No findings to report. Good job! (1 suppressed) ```
There was a problem hiding this comment.
Code Review
This pull request updates the packages/wait_for_tests/action.yml composite action. It pins the dart-lang/setup-dart dependency to a specific commit SHA for enhanced security. Additionally, it refactors the action to pass the resolved action path between steps using step outputs ($GITHUB_OUTPUT) instead of modifying the global environment ($GITHUB_ENV). There are no review comments, and the changes are clean and follow best practices.
|
An existing Git SHA, To re-trigger presubmits after closing or re-opeing a PR, or pushing a HEAD commit (i.e. with |
|
That is not the button I meant to press... |
eyebrowsoffire
left a comment
There was a problem hiding this comment.
This one looks pretty straightforward! Just one nitpick but otherwise LGTM
fixes flutter/flutter#189097