mandreko-bitwarden
Contributor

🎟️ Tracking

https://bitwarden.atlassian.net/browse/VULN-285

📔 Objective

Perform cleanup of existing workflows to be in compliance with Zizmor and bwwl.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

mandreko-bitwarden requested a review from a team as a code owner, October 3, 2025 15:58

Copilot AI left a comment


Pull Request Overview

This PR performs cleanup of GitHub workflow files to comply with Zizmor and bwwl security linting requirements. The changes primarily focus on improving security by explicitly setting credential persistence settings, adding proper environment variable quoting, and standardizing string formatting.

  • Adds explicit persist-credentials configurations to checkout actions for better security control
  • Updates variable references to use proper shell quoting and environment variable syntax
  • Standardizes string quoting for consistency across workflow files

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File                                    Description
.github/workflows/ci.yml                Adds persist-credentials: false to checkout action for security
.github/workflows/cd.yml                Updates quoting, adds credential settings, and improves variable handling
.github/workflows/bwwl_operations.yml   Fixes shell variable quoting and adds explicit credential persistence
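The two patterns the cleanup above targets, shown side by side as an added illustration rather than this PR's actual diff: a checkout that leaves the job token in the working tree for later steps, and a `run` script that expands an expression directly into shell text, next to the hardened forms (explicit `persist-credentials: false`, and the value passed through `env` and quoted). The workflow name, input name and step names are constructed for this example; the zizmor audits that flag these two patterns are `artipacked` and `template-injection`.

```yaml
# Constructed example, not a file from this PR. Both jobs do the same thing;
# only the "after" job follows the conventions the cleanup applies.
name: example-zizmor-cleanup
on:
  workflow_dispatch:
    inputs:
      tag:
        description: "Release tag to build"
        required: true
        type: string
permissions:
  contents: read
jobs:
  before:
    runs-on: ubuntu-latest
    steps:
      # Weak: persist-credentials defaults to true, so the GITHUB_TOKEN stays
      # in .git/config and is readable by every later step in the job.
      - name: Check out (credentials persisted by default)
        uses: actions/checkout@v4
      # Weak: the expression is substituted into the script text before the
      # shell parses it, so the input value becomes part of the command line.
      - name: Print tag (expression expanded into the script)
        run: echo Building ${{ inputs.tag }}
  after:
    runs-on: ubuntu-latest
    steps:
      # Hardened: the token is not written to the checkout; steps that need
      # to push must be given credentials explicitly.
      - name: Check out (no persisted credentials)
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Hardened: the value reaches the shell only as an environment variable,
      # and the double quotes keep it as a single argument.
      - name: Print tag (value passed via env and quoted)
        env:
          TAG: ${{ inputs.tag }}
        run: echo "Building $TAG"
```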


github-actions bot commented Oct 3, 2025

Checkmarx One – Scan Summary & Details (scan df5945a7-e38c-45e7-a058-d7b22fbc47a0)

Great job! No new security vulnerabilities introduced in this pull request
