maint: fix pedantic zizmor problems

2026-01-20 14:00:38 +00:00 · 2026-01-06 09:33:00 +01:00
parent 61274252af
commit f845dc71b1
9 changed files with 39 additions and 12 deletions
--- a/.github/actions/docker-tags/action.yml
+++ b/.github/actions/docker-tags/action.yml
@@ -46,8 +46,9 @@ runs:
      id: tags
      env:
        BRANCH_NAME_INPUT: ${{ github.event.inputs.branch_name }}
+        EVENT_NAME: ${{ github.event_name }}
      run: |
-        if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+        if [ "${EVENT_NAME}" = "workflow_dispatch" ]; then
          BRANCH_NAME="${BRANCH_NAME_INPUT}"
        else
          BRANCH_NAME="${GITHUB_REF##*/}"
--- a/.github/workflows/binance-lev-tier-update.yml
+++ b/.github/workflows/binance-lev-tier-update.yml
@@ -6,11 +6,16 @@ on:
  # on demand
  workflow_dispatch:

+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
 permissions:
  contents: read

 jobs:
  auto-update:
+    name: "Auto Update Binance Leverage Tiers"
    runs-on: ubuntu-latest
    environment:
      name: develop
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,8 +16,8 @@ on:
 concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}"
  cancel-in-progress: true
-permissions:
-  repository-projects: read
+permissions: {}
+
 jobs:
  tests:
    name: "Tests and Linting"
@@ -275,6 +275,7 @@ jobs:

  # Notify only once - when CI completes (and after deploy) in case it's successful
  notify-complete:
+    name: "Notify CI Completion"
    needs: [
      build,
      build-linux-online
@@ -282,8 +283,6 @@ jobs:
    runs-on: ubuntu-22.04
    # Discord notification can't handle schedule events
    if: github.event_name != 'schedule' && github.repository == 'freqtrade/freqtrade'
-    permissions:
-      repository-projects: read
    steps:

    - name: Check user permission
@@ -365,7 +364,7 @@ jobs:
      name: testpypi
      url: https://test.pypi.org/p/freqtrade
    permissions:
-      id-token: write
+      id-token: write # Needed for pypa/gh-action-pypi-publish

    steps:
    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
@@ -394,7 +393,7 @@ jobs:
      name: pypi
      url: https://pypi.org/p/freqtrade
    permissions:
-      id-token: write
+      id-token: write # Needed for pypa/gh-action-pypi-publish

    steps:
    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
@@ -420,7 +419,7 @@ jobs:
    if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'release') && github.repository == 'freqtrade/freqtrade'
    uses: ./.github/workflows/docker-build.yml
    permissions:
-      packages: write
+      packages: write # Needed to push package versions
      contents: read
    secrets:
      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
@@ -434,6 +433,6 @@ jobs:
    # Only run on push, schedule, or release events
    if: (github.event_name == 'push' || github.event_name == 'schedule') && github.repository == 'freqtrade/freqtrade'
    permissions:
-      packages: write
+      packages: write # Needed to delete package versions
    with:
      package_name: 'freqtrade'
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -11,6 +11,9 @@ on:
 # disable permissions for all of the available permissions
 permissions: {}

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true

 jobs:
  build-docs:
--- a/.github/workflows/devcontainer-build.yml
+++ b/.github/workflows/devcontainer-build.yml
@@ -22,8 +22,9 @@ permissions:

 jobs:
  build-and-push:
+    name: "Build and Push Devcontainer Image"
    permissions:
-      packages: write
+      packages: write  # Needed to push package versions
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -17,6 +17,10 @@ on:
        default: 'develop'
        type: string

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions:
  contents: read

@@ -159,7 +163,7 @@ jobs:
  deploy-arm:
    name: "Deploy Docker ARM64"
    permissions:
-      packages: write
+      packages: write # Needed to push package versions
    needs: [ deploy-docker ]
    # Only run on 64bit machines
    runs-on: [self-hosted, linux, ARM64]
--- a/.github/workflows/docker-update-readme.yml
+++ b/.github/workflows/docker-update-readme.yml
@@ -4,11 +4,16 @@ on:
    branches:
    - stable

+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
 # disable permissions for all of the available permissions
 permissions: {}

 jobs:
  dockerHubDescription:
+    name: "Update Docker Hub Description"
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
--- a/.github/workflows/packages-cleanup.yml
+++ b/.github/workflows/packages-cleanup.yml
@@ -25,6 +25,10 @@ on:
        default: true
        type: boolean

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: false
+
 env:
  PACKAGE_NAME: "freqtrade"

@@ -37,7 +41,7 @@ jobs:
    runs-on: ubuntu-24.04
    if: github.repository == 'freqtrade/freqtrade'
    permissions:
-      packages: write
+      packages: write  # Needed to delete package versions

    steps:
    - name: "Delete untagged Package Versions"
--- a/.github/workflows/pre-commit-update.yml
+++ b/.github/workflows/pre-commit-update.yml
@@ -9,8 +9,13 @@ on:
 permissions:
  contents: read

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
  auto-update:
+    name: Auto-update pre-commit hooks
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1