@clatapie clatapie commented Aug 11, 2025

Closes #404, #427, #428, #448, and #449.

This PR does the following:

  • fix the AUTHORS file
  • add a SECURITY.md file
  • add check-vulnerabilities action
  • add pypa/gh-action-pypi-publish action
  • add check-actions-security action (done by @moe-ad)

@clatapie clatapie self-assigned this Aug 11, 2025

codecov-commenter commented Aug 11, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.91%. Comparing base (45ddb06) to head (a11b8ff).

@@           Coverage Diff           @@
##             main     #452   +/-   ##
=======================================
  Coverage   86.91%   86.91%           
=======================================
  Files          13       13           
  Lines        2835     2835           
=======================================
  Hits         2464     2464           
  Misses        371      371           
Flag       Coverage Δ
coverage   86.91% <100.00%> (ø)



moe-ad commented Sep 3, 2025

Hi @clatapie, I fixed detected vulnerabilities in the workflows.

You will see a number of zizmor: ignore[cache-poisoning] comments in your cache steps. If removing the cache steps will not impact your workflow durations much, I recommend doing that instead of ignoring them (especially for jobs where you are uploading artifacts). See the remediation steps and this attack scenario.

Also, you may investigate if it is possible to make some of the permissions I assigned to the jobs even more restrictive. Those I already assigned should be pretty close to being the minimum required (if not already), but I cannot 100% guarantee that there is no longer room for improvement.
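
As an added example, not code from this PR or from the project, here is a minimal release workflow in the shape the comment above argues against (a cache step in the same job that builds, uploads and publishes the artifact, with the finding silenced by a zizmor ignore comment and no explicit permissions), followed by a hardened version: no cache on the release path, a top-level `permissions: {}`, one read-only build job and a separate publish job that holds only `id-token: write` for PyPI trusted publishing. The workflow name, job names, tag pattern, Python version, environment name and the secret name PYPI_API_TOKEN are assumptions; the two documents are separated by a YAML `---` marker so the block is one file.

```yaml
# --- BEFORE (constructed example): the shape zizmor reports as cache-poisoning ---
# No top-level `permissions`, so the job inherits the repository's default
# GITHUB_TOKEN scope, and the same job that publishes restores a pip cache that
# a lower-trust run in this repository could have written.
name: release
on:
  push:
    tags: ["v*"]           # assumed trigger
jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip   # zizmor: ignore[cache-poisoning]  <- silences the finding, keeps the risk
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}   # assumed long-lived API token in a secret
---
# --- AFTER (constructed example): no cache on the release path, least privilege per job ---
name: release
on:
  push:
    tags: ["v*"]
permissions: {}            # grant nothing by default; each job declares what it needs
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read       # enough for checkout; nothing can be pushed back
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config for later steps
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          # no `cache:` key: the build installs from the index, so a poisoned
          # cache entry cannot end up inside the published artifact
      - run: python -m pip install build && python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: pypi      # assumed environment name; gate it with required reviewers
    permissions:
      id-token: write      # mint an OIDC token for PyPI trusted publishing; nothing else
    steps:
      - uses: actions/download-artifact@v4   # same-run artifact, no repo permission needed
        with:
          name: dist
          path: dist/
      - uses: pypa/gh-action-pypi-publish@release/v1   # no token input: trusted publishing via OIDC
```

Actions are referenced by version tag here for readability; zizmor's unpinned-uses audit would ask for a full commit SHA on each `uses:` line (with a `# vN` comment recording the version), which is the other finding you would expect to see on a workflow like the "before" one. Splitting build and publish also means the job that can reach PyPI never runs the project's own build code.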


clatapie commented Sep 8, 2025

Thank you very much @moe-ad for looking into it! I will read the documentation you wrote to improve the permissions.


clatapie commented Sep 9, 2025

Everything looked good to me after reading your documentation and checking your changes.

This PR is ready to be reviewed and merged.

@clatapie clatapie requested a review from a team September 9, 2025 13:27