From 3abb5f8808ac0cc037d2469c5f18e8d3e68b738a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20J=C4=99drecki?= Date: Mon, 15 Jun 2026 17:37:32 +0200 Subject: [PATCH 1/4] Fix all security issues found with zizmor --- .github/actions/run-appinspect/action.yml | 14 ++++--------- .../actions/setup-sdk-environment/action.yml | 8 ++------ .github/dependabot.yaml | 4 ++++ .github/workflows/appinspect.yml | 6 ++++++ .github/workflows/cd.yml | 20 +++++++++++++------ .github/workflows/lint.yml | 6 ++++++ .github/workflows/test.yml | 6 +++++- 7 files changed, 41 insertions(+), 23 deletions(-) diff --git a/.github/actions/run-appinspect/action.yml b/.github/actions/run-appinspect/action.yml index 51147a6cd..60b2713ed 100644 --- a/.github/actions/run-appinspect/action.yml +++ b/.github/actions/run-appinspect/action.yml @@ -1,12 +1,6 @@ name: Run Splunk AppInspect description: Package a mock app containing the SDK and its dependencies, then validate it with AppInspect. -inputs: - mock-app-path: - description: Path to app packaged for scanning with AppInspect - required: true - default: ./tests/system/test_apps/generating_app - runs: using: composite steps: @@ -16,13 +10,13 @@ runs: - name: Install the SDK and its dependencies into the mock app shell: bash run: | - mkdir -p ${{ inputs.mock-app-path }}/bin/lib - uv pip install ".[openai, anthropic, google]" --target ${{ inputs.mock-app-path }}/bin/lib + mkdir -p ./tests/system/test_apps/generating_app/bin/lib + uv pip install ".[openai, anthropic, google]" --target ./tests/system/test_apps/generating_app/bin/lib - name: Package the mock app shell: bash run: | - cd ${{ inputs.mock-app-path }} + cd ./tests/system/test_apps/generating_app tar -czf mock_app.tgz --exclude="__pycache__" bin default metadata - name: Validate the mock app with AppInspect shell: bash - run: uvx splunk-appinspect inspect ${{ inputs.mock-app-path }}/mock_app.tgz --included-tags cloud + run: uvx splunk-appinspect inspect ./tests/system/test_apps/generating_app/mock_app.tgz --included-tags cloud diff --git a/.github/actions/setup-sdk-environment/action.yml b/.github/actions/setup-sdk-environment/action.yml index 04c7c1ba9..30d8df447 100644 --- a/.github/actions/setup-sdk-environment/action.yml +++ b/.github/actions/setup-sdk-environment/action.yml @@ -2,10 +2,6 @@ name: Set up SDK environment description: Perform all the shared setup steps inputs: - python-version: - description: Python version used for this run - required: true - default: "3.13" deps-group: description: Dependency groups passed to `uv sync --group` required: true @@ -17,7 +13,7 @@ runs: - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: version: 0.11.6 - python-version: ${{ inputs.python-version }} + python-version: 3.13 activate-environment: true enable-cache: true cache-python: true @@ -25,4 +21,4 @@ runs: env: SDK_DEPS_GROUP: ${{ inputs.deps-group }} shell: bash - run: SDK_DEPS_GROUP="${{ inputs.deps-group }}" make ci-install + run: make ci-install diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index bcae6e510..c3e7cb1dc 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -8,6 +8,8 @@ updates: groups: github-actions: patterns: ["*"] + cooldown: + default-days: 7 - package-ecosystem: "uv" directory: "/" schedule: @@ -15,3 +17,5 @@ updates: groups: python-uv-lock: patterns: ["*"] + cooldown: + default-days: 7 diff --git a/.github/workflows/appinspect.yml b/.github/workflows/appinspect.yml index 44a1c6c5f..f72020802 100644 --- a/.github/workflows/appinspect.yml +++ b/.github/workflows/appinspect.yml @@ -5,6 +5,12 @@ on: pull_request: workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: {} + env: PYTHON_VERSION: 3.13 diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index f1b18bc85..ee35a38d6 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,4 +1,4 @@ -name: Python CD +name: Python SDK CD on: push: branches: [develop] @@ -6,6 +6,12 @@ on: types: [published] workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: false + +permissions: {} + env: DIST_DIR: dist/ @@ -26,15 +32,17 @@ jobs: deps-group: release - name: Set pre-release version if: startsWith(github.ref, 'refs/tags/') != true + env: + RUN_NUMBER: ${{ github.run_number }} run: | VERSION_BASE="$(uv version --short)" - RUN_NUMBER="${{ github.run_number }}" uv version "${VERSION_BASE}.dev${RUN_NUMBER}" - name: Set release version if: startsWith(github.ref, 'refs/tags/') == true + env: + VERSION_TAG: ${{ github.event.release.tag_name }} run: | - VERSION_TAG="${{ github.event.release.tag_name }}" - [[ $VERSION_TAG != $(uv version --short) ]] && { + [[ ${VERSION_TAG} != $(uv version --short) ]] && { printf "Git tag should be identical to version field in pyproject.toml" exit 1 } @@ -64,7 +72,7 @@ jobs: needs: build-distributables runs-on: ubuntu-latest permissions: - id-token: write + id-token: write # Required for OIDC-based trusted publishing to PyPI environment: name: splunk-test-pypi url: https://test.pypi.org/project/splunk-sdk/ @@ -84,7 +92,7 @@ jobs: needs: build-distributables runs-on: ubuntu-latest permissions: - id-token: write + id-token: write # Required for OIDC-based trusted publishing to PyPI environment: name: splunk-pypi url: https://pypi.org/project/splunk-sdk/ diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f9d0b1542..077c3dd87 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -5,6 +5,12 @@ on: pull_request: workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: {} + jobs: lint: runs-on: ubuntu-latest diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 162d1910c..4da3b33d4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,6 +9,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true +permissions: {} + jobs: test: runs-on: ubuntu-latest @@ -30,7 +32,9 @@ jobs: SPLUNKBASE_PASSWORD: ${{ secrets.SPLUNKBASE_PASSWORD }} run: uv run ./scripts/download_splunk_mcp_server_app.py - name: Launch Splunk Docker instance - run: SPLUNK_VERSION=${{ matrix.splunk-version }} docker compose up -d + env: + SPLUNK_VERSION: ${{ matrix.splunk-version }} + run: docker compose up -d - name: Set up .env run: cp .env.template .env - name: Write internal AI secrets to .env From 8abaacce43cf649c82e6ab44683c172fa3f05afa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20J=C4=99drecki?= Date: Mon, 15 Jun 2026 17:37:32 +0200 Subject: [PATCH 2/4] Add zizmor to lint stage --- Makefile | 12 ++++++++++-- pyproject.toml | 7 ++++++- uv.lock | 22 ++++++++++++++++++++++ 3 files changed, 38 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index e62aa91de..c7b9ffee1 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,11 @@ ci-install: UV_RUN_CMD := uv run .PHONY: lint -lint: lint-python # TODO: Add mbake +lint: lint-python lint-gh-actions # TODO: Add mbake + +.PHONY: lint-gh-actions +lint-gh-actions: + $(UV_RUN_CMD) zizmor --pedantic --collect=all --strict-collection . .PHONY: lint-python lint-python: @@ -31,7 +35,11 @@ lint-python: $(UV_RUN_CMD) basedpyright .PHONY: ci-lint -ci-lint: ci-lint-python # TODO: Add mbake +ci-lint: ci-lint-python ci-lint-gh-actions # TODO: Add mbake + +.PHONY: ci-lint-gh-actions +ci-lint-gh-actions: + $(UV_RUN_CMD) zizmor --pedantic --collect=all --strict-collection --fix . .PHONY: ci-lint-python ci-lint-python: diff --git a/pyproject.toml b/pyproject.toml index fcf5a3731..a153c0aaf 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -53,7 +53,12 @@ test = [ "vcrpy>=8.1.1", ] release = ["build>=1.5.0", "jinja2>=3.1.6", "sphinx>=9.1.0", "twine>=6.2.0"] -lint = ["basedpyright>=1.39.4", "ruff>=0.15.12", "mbake>=1.4.6"] +lint = [ + "basedpyright>=1.39.4", + "ruff>=0.15.12", + "mbake>=1.4.6", + "zizmor==1.24.1", +] dev = [ "rich>=15.0.0", { include-group = "test" }, diff --git a/uv.lock b/uv.lock index 57c885951..5554ecbfd 100644 --- a/uv.lock +++ b/uv.lock @@ -1829,11 +1829,13 @@ dev = [ { name = "splunk-sdk", extra = ["anthropic", "google", "openai"] }, { name = "twine" }, { name = "vcrpy" }, + { name = "zizmor" }, ] lint = [ { name = "basedpyright" }, { name = "mbake" }, { name = "ruff" }, + { name = "zizmor" }, ] release = [ { name = "build" }, @@ -1883,11 +1885,13 @@ dev = [ { name = "splunk-sdk", extras = ["openai", "anthropic", "google"], specifier = ">=3.0.0" }, { name = "twine", specifier = ">=6.2.0" }, { name = "vcrpy", specifier = ">=8.1.1" }, + { name = "zizmor", specifier = "==1.24.1" }, ] lint = [ { name = "basedpyright", specifier = ">=1.39.4" }, { name = "mbake", specifier = ">=1.4.6" }, { name = "ruff", specifier = ">=0.15.12" }, + { name = "zizmor", specifier = "==1.24.1" }, ] release = [ { name = "build", specifier = ">=1.5.0" }, @@ -2328,6 +2332,24 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/74/35/698e7e3ff38e22992ea24870a511d8762474fb6783627a2910ff22a185c2/xxhash-3.7.0-cp314-cp314t-win_arm64.whl", hash = "sha256:468f0fc114faaa4b36699f8e328bbc3bb11dc418ba94ac52c26dd736d4b6c637", size = 28807, upload-time = "2026-04-25T11:09:11.234Z" }, ] +[[package]] +name = "zizmor" +version = "1.24.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/27/98/21be481ab5c08d976e59409828cfcb460a32a737415cf4e9c3f3280acc0b/zizmor-1.24.1.tar.gz", hash = "sha256:54ebb7a7061ebaa3a373126dcbafe970c9228fe274cfc40776a9714d2095b5e6", size = 501427, upload-time = "2026-04-13T18:01:34.666Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/6a/0d/c932a14dfe7d3fed5dbf26a7bf1b7b9dbf277cef1d0b76fbcddae386442d/zizmor-1.24.1-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:fd7c4953aa438aae599db69ed70ac687995e9e3314208bf1be5336479d556c8e", size = 9123014, upload-time = "2026-04-13T18:01:28.834Z" }, + { url = "https://files.pythonhosted.org/packages/5c/cc/f87ff2ccb9c57f4a1e5e9bd0351f9c84dc724fbd61b8ef70bc7e8abc1e0e/zizmor-1.24.1-py3-none-macosx_11_0_arm64.whl", hash = "sha256:f44379019188b1a18d560614ab8abac7ce10553ad2ab57d519fa1c214881ff95", size = 8664275, upload-time = "2026-04-13T18:01:24.588Z" }, + { url = "https://files.pythonhosted.org/packages/d2/64/1dfa166dea03ddff23ee3d6c6ebce8322766f7188e008aa0d3612af3e709/zizmor-1.24.1-py3-none-manylinux_2_24_aarch64.whl", hash = "sha256:9b0689c55854edb0f3e6430321a93ca0081d8e34028cdcb47b9504f8a8559c27", size = 8837100, upload-time = "2026-04-13T18:01:18.708Z" }, + { url = "https://files.pythonhosted.org/packages/65/67/cc411d605fec63b70558d572eb3fc2dbe4e596753e747b74daf5b795c1ed/zizmor-1.24.1-py3-none-manylinux_2_28_armv7l.whl", hash = "sha256:61f39674d5ea29640c4b09f3c239b3c9824c646bc790fa3680022e7bb569b375", size = 8430633, upload-time = "2026-04-13T18:01:20.757Z" }, + { url = "https://files.pythonhosted.org/packages/76/86/f8dfffc7a5348c41bc17dea1f1796ac1a56d5e448f26a4193bc65996f571/zizmor-1.24.1-py3-none-manylinux_2_28_x86_64.whl", hash = "sha256:73083efc7a65e5a58f4439dd781cdcb0394b05a3750e664c7f7e414589dc49b1", size = 9263074, upload-time = "2026-04-13T18:01:31.403Z" }, + { url = "https://files.pythonhosted.org/packages/14/62/db19dd027b412e92bbea8bd311b733d7726402ee3c734033c714125348f1/zizmor-1.24.1-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:d36a2ba3b6d839acd4542f1a8f42bc34ff902cbff302cdf7916cb4e49dc8c5cc", size = 8863996, upload-time = "2026-04-13T18:01:35.929Z" }, + { url = "https://files.pythonhosted.org/packages/8d/28/c4f220a14cb100ecc965ea0faed1c1229139861a55e792522274221988b3/zizmor-1.24.1-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:ff5acdd10c66ac27396c0fe14e4604933f6c622ffda38a6aa2857b99c75f5108", size = 8382934, upload-time = "2026-04-13T18:01:27.014Z" }, + { url = "https://files.pythonhosted.org/packages/a1/df/9593e8851424738a3b682be8958abf0e6a2c170e0c880d7b3bfb5d9eaf15/zizmor-1.24.1-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:b2d873816137296ca5633ad240a574ce49374009a39d43f78a1675e2dba1ab52", size = 9352624, upload-time = "2026-04-13T18:01:16.672Z" }, + { url = "https://files.pythonhosted.org/packages/ee/b9/2c4fe526fc02926206903bfc72dbfbc215f01728eccef8135363d57890c9/zizmor-1.24.1-py3-none-win32.whl", hash = "sha256:c87812173fef2a3449d269e50e93b67b2f40826d10464c7add0c0fd7f0523a2c", size = 7496962, upload-time = "2026-04-13T18:01:22.773Z" }, + { url = "https://files.pythonhosted.org/packages/ed/24/710149e5d64d474103165b9eef6f7698827ef2fbb762b034ebc02b11a816/zizmor-1.24.1-py3-none-win_amd64.whl", hash = "sha256:9a0e552bf84f146699a0231dc42cf2cd5cfe140e3f08ff867ac154f62fc1ac2e", size = 8550658, upload-time = "2026-04-13T18:01:33.13Z" }, +] + [[package]] name = "zstandard" version = "0.25.0" From 3aeb6ba701e2c646d1947146cc9d2a60d38853f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20J=C4=99drecki?= Date: Tue, 16 Jun 2026 13:28:56 +0200 Subject: [PATCH 3/4] Get rid of pedantic warnings, update zizmor, misc adjustments --- .claude/worktrees/fix-docs-css-links | 1 + .claude/worktrees/investigate-pr-800 | 1 + .github/actions/run-appinspect/action.yml | 2 +- .github/workflows/appinspect.yml | 1 + .github/workflows/cd.yml | 3 +++ .github/workflows/lint.yml | 1 + .github/workflows/test.yml | 7 +++-- Makefile | 11 +++++--- pyproject.toml | 2 +- uv.lock | 32 +++++++++++------------ 10 files changed, 35 insertions(+), 26 deletions(-) create mode 160000 .claude/worktrees/fix-docs-css-links create mode 160000 .claude/worktrees/investigate-pr-800 diff --git a/.claude/worktrees/fix-docs-css-links b/.claude/worktrees/fix-docs-css-links new file mode 160000 index 000000000..9d742350d --- /dev/null +++ b/.claude/worktrees/fix-docs-css-links @@ -0,0 +1 @@ +Subproject commit 9d742350d330ffa9e09c5deef6cbdd3bd0e0f366 diff --git a/.claude/worktrees/investigate-pr-800 b/.claude/worktrees/investigate-pr-800 new file mode 160000 index 000000000..c64a592e2 --- /dev/null +++ b/.claude/worktrees/investigate-pr-800 @@ -0,0 +1 @@ +Subproject commit c64a592e2517560433039fd9a6681bb44d1e8cb6 diff --git a/.github/actions/run-appinspect/action.yml b/.github/actions/run-appinspect/action.yml index 60b2713ed..15f7c052b 100644 --- a/.github/actions/run-appinspect/action.yml +++ b/.github/actions/run-appinspect/action.yml @@ -7,7 +7,7 @@ runs: - name: Install AppInspect dependencies shell: bash run: sudo apt-get install -y libmagic1 - - name: Install the SDK and its dependencies into the mock app + - name: Install the SDK and its dependencies into a mock app shell: bash run: | mkdir -p ./tests/system/test_apps/generating_app/bin/lib diff --git a/.github/workflows/appinspect.yml b/.github/workflows/appinspect.yml index f72020802..e65b69284 100644 --- a/.github/workflows/appinspect.yml +++ b/.github/workflows/appinspect.yml @@ -16,6 +16,7 @@ env: jobs: appinspect: + name: Run AppInspect runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index ee35a38d6..f510f93dc 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -17,6 +17,7 @@ env: jobs: build-distributables: + name: Build release distributables # Why building is separate from publishing: # https://github.com/pypa/gh-action-pypi-publish/issues/217#issuecomment-1965727093 runs-on: ubuntu-latest @@ -68,6 +69,7 @@ jobs: path: docs/_build/html publish-pre-release: + name: Publish pre-release to Test PyPI if: startsWith(github.ref, 'refs/tags/') == false needs: build-distributables runs-on: ubuntu-latest @@ -88,6 +90,7 @@ jobs: repository-url: https://test.pypi.org/legacy/ publish-release: + name: Publish release to PyPI if: startsWith(github.ref, 'refs/tags/') == true needs: build-distributables runs-on: ubuntu-latest diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 077c3dd87..93e88dbf8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -13,6 +13,7 @@ permissions: {} jobs: lint: + name: Run linters runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4da3b33d4..8f23ebd47 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,6 +13,7 @@ permissions: {} jobs: test: + name: Run test suite runs-on: ubuntu-latest strategy: matrix: @@ -55,10 +56,8 @@ jobs: uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae with: path: .pytest_cache - key: pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}-${{ - github.sha }} - restore-keys: | - pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}- + key: pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}-${{ github.sha }} + restore-keys: pytest-cache-${{ runner.os }}-py${{ matrix.python-version }}-${{ github.ref_name }}- - name: Run unit tests run: make test-unit - name: Run integration/system tests diff --git a/Makefile b/Makefile index c7b9ffee1..fd145d5e6 100644 --- a/Makefile +++ b/Makefile @@ -2,9 +2,13 @@ ## VIRTUALENV MANAGEMENT -# https://docs.astral.sh/uv/reference/cli/#uv-run--upgrade +# https://docs.astral.sh/uv/reference/cli/#uv-sync # --no-config skips Splunk's internal PyPI mirror UV_SYNC_CMD := uv sync --no-config +# https://docs.astral.sh/uv/reference/cli/#uv-run +UV_RUN_CMD := uv run +# https://docs.zizmor.sh/usage +ZIZMOR_CMD := $(UV_RUN_CMD) zizmor --pedantic --strict-collection .PHONY: install install: @@ -20,13 +24,12 @@ upgrade: ci-install: $(UV_SYNC_CMD) --frozen --group $(SDK_DEPS_GROUP) -UV_RUN_CMD := uv run .PHONY: lint lint: lint-python lint-gh-actions # TODO: Add mbake .PHONY: lint-gh-actions lint-gh-actions: - $(UV_RUN_CMD) zizmor --pedantic --collect=all --strict-collection . + $(ZIZMOR_CMD) ./.github .PHONY: lint-python lint-python: @@ -39,7 +42,7 @@ ci-lint: ci-lint-python ci-lint-gh-actions # TODO: Add mbake .PHONY: ci-lint-gh-actions ci-lint-gh-actions: - $(UV_RUN_CMD) zizmor --pedantic --collect=all --strict-collection --fix . + $(ZIZMOR_CMD) ./.github .PHONY: ci-lint-python ci-lint-python: diff --git a/pyproject.toml b/pyproject.toml index a153c0aaf..021d5b895 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -57,7 +57,7 @@ lint = [ "basedpyright>=1.39.4", "ruff>=0.15.12", "mbake>=1.4.6", - "zizmor==1.24.1", + "zizmor==1.25.2", ] dev = [ "rich>=15.0.0", diff --git a/uv.lock b/uv.lock index 5554ecbfd..e6c527804 100644 --- a/uv.lock +++ b/uv.lock @@ -1885,13 +1885,13 @@ dev = [ { name = "splunk-sdk", extras = ["openai", "anthropic", "google"], specifier = ">=3.0.0" }, { name = "twine", specifier = ">=6.2.0" }, { name = "vcrpy", specifier = ">=8.1.1" }, - { name = "zizmor", specifier = "==1.24.1" }, + { name = "zizmor", specifier = "==1.25.2" }, ] lint = [ { name = "basedpyright", specifier = ">=1.39.4" }, { name = "mbake", specifier = ">=1.4.6" }, { name = "ruff", specifier = ">=0.15.12" }, - { name = "zizmor", specifier = "==1.24.1" }, + { name = "zizmor", specifier = "==1.25.2" }, ] release = [ { name = "build", specifier = ">=1.5.0" }, @@ -2334,20 +2334,20 @@ wheels = [ [[package]] name = "zizmor" -version = "1.24.1" -source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/27/98/21be481ab5c08d976e59409828cfcb460a32a737415cf4e9c3f3280acc0b/zizmor-1.24.1.tar.gz", hash = "sha256:54ebb7a7061ebaa3a373126dcbafe970c9228fe274cfc40776a9714d2095b5e6", size = 501427, upload-time = "2026-04-13T18:01:34.666Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/6a/0d/c932a14dfe7d3fed5dbf26a7bf1b7b9dbf277cef1d0b76fbcddae386442d/zizmor-1.24.1-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:fd7c4953aa438aae599db69ed70ac687995e9e3314208bf1be5336479d556c8e", size = 9123014, upload-time = "2026-04-13T18:01:28.834Z" }, - { url = "https://files.pythonhosted.org/packages/5c/cc/f87ff2ccb9c57f4a1e5e9bd0351f9c84dc724fbd61b8ef70bc7e8abc1e0e/zizmor-1.24.1-py3-none-macosx_11_0_arm64.whl", hash = "sha256:f44379019188b1a18d560614ab8abac7ce10553ad2ab57d519fa1c214881ff95", size = 8664275, upload-time = "2026-04-13T18:01:24.588Z" }, - { url = "https://files.pythonhosted.org/packages/d2/64/1dfa166dea03ddff23ee3d6c6ebce8322766f7188e008aa0d3612af3e709/zizmor-1.24.1-py3-none-manylinux_2_24_aarch64.whl", hash = "sha256:9b0689c55854edb0f3e6430321a93ca0081d8e34028cdcb47b9504f8a8559c27", size = 8837100, upload-time = "2026-04-13T18:01:18.708Z" }, - { url = "https://files.pythonhosted.org/packages/65/67/cc411d605fec63b70558d572eb3fc2dbe4e596753e747b74daf5b795c1ed/zizmor-1.24.1-py3-none-manylinux_2_28_armv7l.whl", hash = "sha256:61f39674d5ea29640c4b09f3c239b3c9824c646bc790fa3680022e7bb569b375", size = 8430633, upload-time = "2026-04-13T18:01:20.757Z" }, - { url = "https://files.pythonhosted.org/packages/76/86/f8dfffc7a5348c41bc17dea1f1796ac1a56d5e448f26a4193bc65996f571/zizmor-1.24.1-py3-none-manylinux_2_28_x86_64.whl", hash = "sha256:73083efc7a65e5a58f4439dd781cdcb0394b05a3750e664c7f7e414589dc49b1", size = 9263074, upload-time = "2026-04-13T18:01:31.403Z" }, - { url = "https://files.pythonhosted.org/packages/14/62/db19dd027b412e92bbea8bd311b733d7726402ee3c734033c714125348f1/zizmor-1.24.1-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:d36a2ba3b6d839acd4542f1a8f42bc34ff902cbff302cdf7916cb4e49dc8c5cc", size = 8863996, upload-time = "2026-04-13T18:01:35.929Z" }, - { url = "https://files.pythonhosted.org/packages/8d/28/c4f220a14cb100ecc965ea0faed1c1229139861a55e792522274221988b3/zizmor-1.24.1-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:ff5acdd10c66ac27396c0fe14e4604933f6c622ffda38a6aa2857b99c75f5108", size = 8382934, upload-time = "2026-04-13T18:01:27.014Z" }, - { url = "https://files.pythonhosted.org/packages/a1/df/9593e8851424738a3b682be8958abf0e6a2c170e0c880d7b3bfb5d9eaf15/zizmor-1.24.1-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:b2d873816137296ca5633ad240a574ce49374009a39d43f78a1675e2dba1ab52", size = 9352624, upload-time = "2026-04-13T18:01:16.672Z" }, - { url = "https://files.pythonhosted.org/packages/ee/b9/2c4fe526fc02926206903bfc72dbfbc215f01728eccef8135363d57890c9/zizmor-1.24.1-py3-none-win32.whl", hash = "sha256:c87812173fef2a3449d269e50e93b67b2f40826d10464c7add0c0fd7f0523a2c", size = 7496962, upload-time = "2026-04-13T18:01:22.773Z" }, - { url = "https://files.pythonhosted.org/packages/ed/24/710149e5d64d474103165b9eef6f7698827ef2fbb762b034ebc02b11a816/zizmor-1.24.1-py3-none-win_amd64.whl", hash = "sha256:9a0e552bf84f146699a0231dc42cf2cd5cfe140e3f08ff867ac154f62fc1ac2e", size = 8550658, upload-time = "2026-04-13T18:01:33.13Z" }, +version = "1.25.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b3/41/8987d546e3101cc76748b2f1b0ccda58e244773ef5124d39e7e749e3d6e4/zizmor-1.25.2.tar.gz", hash = "sha256:f26ffeb16659c8922c7b08203ca5a4f8bf5e1a7e8d190734961c40877cf778ea", size = 517794, upload-time = "2026-05-16T06:28:43.816Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/dc/bd/84108a92ccbfda0d28efc11f382997c7a767b58863bf4a550634b8cf0211/zizmor-1.25.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:17cc8cfd9d472e8b11945a869c198d25cfdf4a33f36fa7a1f9674099f5fb509d", size = 9115548, upload-time = "2026-05-16T06:28:33.591Z" }, + { url = "https://files.pythonhosted.org/packages/c2/c0/66453a2553a66286a96ca32d75e3e6bcc94ce7f907cd5f8c2c3fce55315e/zizmor-1.25.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:d3e301eb4465e2da77857cf01ab4ef0184cf3818e826800b270ab01ae7338977", size = 8665071, upload-time = "2026-05-16T06:28:30.861Z" }, + { url = "https://files.pythonhosted.org/packages/52/3e/d60939d1cc4907c0d021a7c46362aab5e8045550bb09157d56c070e43568/zizmor-1.25.2-py3-none-manylinux_2_24_aarch64.whl", hash = "sha256:cf64374149b567c9373228b76c8e77a389b4071899f84b82c36ee50fab894e79", size = 8842884, upload-time = "2026-05-16T06:28:26.041Z" }, + { url = "https://files.pythonhosted.org/packages/46/82/f3e8d9b6d941194f2558591b449c106d46a16ea566b95eccff3a83bf6acc/zizmor-1.25.2-py3-none-manylinux_2_28_armv7l.whl", hash = "sha256:0beba1601be08bd00c9277e6ed4b026e125b26b379d86d6d98eb708409b3050d", size = 8449741, upload-time = "2026-05-16T06:28:45.424Z" }, + { url = "https://files.pythonhosted.org/packages/4b/13/445bc98acc2c976d6b8f8ca59b9c09f055adb5ffb3445d99af8ff7efcb4f/zizmor-1.25.2-py3-none-manylinux_2_28_x86_64.whl", hash = "sha256:c4246f1344d8dbeffc044d7bb11b131773a7db7eb57d9073c45942dfd3543a1f", size = 9285184, upload-time = "2026-05-16T06:28:39.21Z" }, + { url = "https://files.pythonhosted.org/packages/cf/78/fc7717c706bde7531b2fde12003994fbc04c47ab4f91aa6ca9b3b24b30fd/zizmor-1.25.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:dbb1b5c85b8de8eaa0227c6620f06c8e4fbd0a4da2086e218bc225c0bef0923d", size = 8886579, upload-time = "2026-05-16T06:28:51.384Z" }, + { url = "https://files.pythonhosted.org/packages/ca/bc/a46f11377cdc145c625d62d88c30fead56f9d29bc31652069a1a0eaed6c2/zizmor-1.25.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:d670a1e2f00b3cd56febd145bc1a0b2c4caf1cbe5dad8128721843fa877e2d2e", size = 8413576, upload-time = "2026-05-16T06:28:36.376Z" }, + { url = "https://files.pythonhosted.org/packages/2b/3b/0fd93b77171c8f229e8e1304eecc9931bf3009f722c57967d545d9f151b6/zizmor-1.25.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:b75c84d7387389f95edadbe859fb2aaf0a360c5b080932cc53e92ae1db6f09ef", size = 9378162, upload-time = "2026-05-16T06:28:41.999Z" }, + { url = "https://files.pythonhosted.org/packages/b5/3f/dcb85fb9a0d87794847f9043f9db9bb4d274cf4b8077604bc13850c8fdb4/zizmor-1.25.2-py3-none-win32.whl", hash = "sha256:aa9f4c43b499c55339c3ef2e885133c5017cd9a18d76d9335541203cfa5ae1e7", size = 7548509, upload-time = "2026-05-16T06:28:28.828Z" }, + { url = "https://files.pythonhosted.org/packages/d2/81/1cb088098bd53f9b910098b0c19d06dc587acf328a170ef8afd1cd93b482/zizmor-1.25.2-py3-none-win_amd64.whl", hash = "sha256:af55bd9bd119ea8cbce2a7addc3922503019de32c1fe31106d70b3dc77d77908", size = 8609822, upload-time = "2026-05-16T06:28:48.078Z" }, ] [[package]] From 16546ef8d95af8f766219cd45c52185c9de40e0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20J=C4=99drecki?= Date: Tue, 16 Jun 2026 15:04:45 +0200 Subject: [PATCH 4/4] Fix CI/CD --- .claude/worktrees/fix-docs-css-links | 1 - .claude/worktrees/investigate-pr-800 | 1 - .gitignore | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) delete mode 160000 .claude/worktrees/fix-docs-css-links delete mode 160000 .claude/worktrees/investigate-pr-800 diff --git a/.claude/worktrees/fix-docs-css-links b/.claude/worktrees/fix-docs-css-links deleted file mode 160000 index 9d742350d..000000000 --- a/.claude/worktrees/fix-docs-css-links +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 9d742350d330ffa9e09c5deef6cbdd3bd0e0f366 diff --git a/.claude/worktrees/investigate-pr-800 b/.claude/worktrees/investigate-pr-800 deleted file mode 160000 index c64a592e2..000000000 --- a/.claude/worktrees/investigate-pr-800 +++ /dev/null @@ -1 +0,0 @@ -Subproject commit c64a592e2517560433039fd9a6681bb44d1e8cb6 diff --git a/.gitignore b/.gitignore index c86b11f00..856716ff3 100644 --- a/.gitignore +++ b/.gitignore @@ -279,6 +279,7 @@ $RECYCLE.BIN/ .vscode/ docs/_build/ +.claude/ !*.conf.spec **/metadata/local.meta