[DEVOPS-1066] use CI-tools @v3#123
Conversation
There was a problem hiding this comment.
Pull request overview
Updates this repository’s GitHub Actions workflows to use the MiraGeoscience/CI-tools reusable workflows at @v3 (instead of @v2) to align CI/CD and security scanning with the newer shared pipeline definitions.
Changes:
- Bumped Zizmor security scan reusable workflow references from
@v2to@v3. - Bumped Python analysis (static analysis + pytest) reusable workflow references from
@v2to@v3. - Bumped Python deploy (dev + prod) and PR→JIRA summary reusable workflow references from
@v2to@v3.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/security_scan.yml | Updates Zizmor reusable workflows to @v3. |
| .github/workflows/python_deploy_prod.yml | Updates production release reusable workflows to @v3. |
| .github/workflows/python_deploy_dev.yml | Updates development publish reusable workflows to @v3. |
| .github/workflows/python_analysis.yml | Updates analysis/pytest reusable workflows to @v3. |
| .github/workflows/pr_add_jira_summary.yml | Updates PR→JIRA summary reusable workflow to @v3. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| contents: read | ||
| actions: read | ||
| uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-advanced-security.yml@v2 | ||
| uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-advanced-security.yml@v3 |
There was a problem hiding this comment.
The job id call-workflow-zizmor-annotate / displayed name indicates this is an "annotate" job, but it actually calls reusable-zizmor-advanced-security.yml. This mismatch is confusing when reading the workflow and when diagnosing failures in the Actions UI. Consider renaming the job id/name (or swapping the called reusable workflow) so the job identity matches what it runs.
| @@ -40,4 +40,4 @@ jobs: | |||
| checks: write | |||
| contents: read | |||
| actions: read | |||
| uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-annotate.yml@v2 | |||
| uses: MiraGeoscience/CI-tools/.github/workflows/reusable-zizmor-annotate.yml@v3 | |||
There was a problem hiding this comment.
The job id call-workflow-zizmor-advanced-security / displayed name suggests "advanced security", but it calls reusable-zizmor-annotate.yml and is labeled "annotate". Align the job id/name with the reusable workflow it invokes to avoid confusion in logs and future edits.
| call-workflow-static-analysis: | ||
| name: Static analysis | ||
| uses: MiraGeoscience/CI-tools/.github/workflows/reusable-python-static_analysis.yml@v2 | ||
| uses: MiraGeoscience/CI-tools/.github/workflows/reusable-python-static_analysis.yml@v3 |
There was a problem hiding this comment.
The PR title implies migrating CI-tools usage to @v3, but .github/workflows/issue_to_jira.yml still references MiraGeoscience/CI-tools/...@v2. Either update the remaining workflow to @v3 as well, or narrow/adjust the PR title/scope so it reflects what's actually upgraded.
|
see instead: #124 |
No description provided.