MNT/SEC: setup pre-commit + zizmor and address for security-related lints #494
neutrinoceros merged 6 commits into pydata:master from
| merge-multiple: true | ||
|
|
||
| - uses: pypa/gh-action-pypi-publish@release/v1 | ||
| - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 # zizmor: ignore[use-trusted-publishing] |
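Review bot: the `# zizmor: ignore[use-trusted-publishing]` suppression on the new `uses:` line carries no rationale or follow-up reference in the workflow file itself, so it can silently outlive the reason for it. Consider a short comment line above the step saying why the rule is ignored (trusted publishing still has to be enabled on the PyPI side, per this thread) or a link to a tracking issue, so the ignore is removed once that is done. Pinning to the full commit hash with the `# v1.13.0` tag comment is the right shape; keep that tag comment in sync whenever the hash is bumped.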
Ideally we would also set up trusted publishing, but this requires clearance on the PyPI side, which I do not have, so I'm ignoring the rule for now.
May be useful as a follow-up indeed. Although given the current CI trouble, perhaps best to wait until everything is green again.
Since I last visited this PR, pre-commit.ci was enabled (presumably by @rgommers?) but we haven't added a .pre-commit-config.yaml file yet. I'm happy to do it when this one is merged!
Whoops, looks like I already added it actually. Let's rebase to make sure it passes then.
rgommers left a comment
Needs another rebase and accumulated a small merge conflict. Other than that, LGTM!
use-trusted-publishing lint rule
This will also set a foundation for migrating from flake8+black to ruff for Python linting and formatting through pre-commit.
Ideally I would like to set up pre-commit.ci as an external service, though I don't have sufficient permissions to do it on my own so I sent a request (but I'm unsure who's going to receive it). In the meantime I set up a GHA-based job to ensure it's run in CI.