test: zizmor reusable fork pin for vendor excludes (#326)#146
Closed
isaiah-grafana wants to merge 4 commits intografana:mainfrom
Closed
test: zizmor reusable fork pin for vendor excludes (#326)#146isaiah-grafana wants to merge 4 commits intografana:mainfrom
isaiah-grafana wants to merge 4 commits intografana:mainfrom
Conversation
Point self-zizmor at isaiah-grafana/shared-workflows@242628b for ruleset testing of .github/zizmor-collection-ignore. Revert to grafana/shared-workflows after upstream merge. Made-with: Cursor
Point reusable-zizmor at isaiah-grafana/shared-workflows feat/zizmor-vendor-excludes-326 so org ruleset testing tracks latest fork pushes without bumping SHAs.
Resolve self-zizmor conflict: keep isaiah-grafana fork branch pin for #326. Relax fail-severity to critical on this pilot branch so high-severity zizmor findings do not block ruleset testing; restore high when pinning to upstream.
Code scanning flagged unpinned reusable workflow (branch ref). Pin isaiah-grafana/shared-workflows reusable to commit ca9579cb3a5b072b4f75af091380536c01131610.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Contributor
Author
|
Closing fork-head PR. Replacing with same-repo branch PR: test/zizmor-vendor-excludes-326 on grafana/security-github-actions into main (no isaiah-grafana fork head). |
isaiah-grafana
added a commit
that referenced
this pull request
Apr 21, 2026
Re-apply reusable workflow pin to isaiah-grafana/shared-workflows@ca9579c and fail-severity critical for ruleset pilot testing (same as pre-close branch).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I used this branch to test rulesets against the #326 zizmor change:
self-zizmortemporarilyuses:isaiah-grafana/shared-workflows@242628b…so we could point rulesets attest/zizmor-vendor-excludes-326on this repo.Don’t merge this to
main. Real rollout: merge grafana/shared-workflows#1861, then swap theuses:line tografana/shared-workflows/...@ merge SHA here, put rulesets back tomain, and close this.https://github.com/grafana/security-appsec/issues/326