Fix lint warnings in `release.yml` by ShaharNaveh · Pull Request #7538 · RustPython/RustPython

github-advanced-security

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 3dd4efab-c650-4100-9a98-f1e1a0b71cd7

📥 Commits

Reviewing files that changed from the base of the PR and between bb54085 and f80f93e.

📒 Files selected for processing (1)

.github/workflows/release.yml

✅ Files skipped from review due to trivial changes (1)

.github/workflows/release.yml

📝 Walkthrough

Walkthrough

Pins GitHub Actions used in the release workflow to specific commit SHAs, removes the workflow-level contents: write permission, and converts the WABT action's with configuration from an inline mapping to a multi-line mapping while keeping the same version values.

Changes

Cohort / File(s)	Summary
GitHub Actions workflow configuration `/.github/workflows/release.yml`	Removed workflow-level `permissions: contents: write`; pinned `dtolnay/rust-toolchain@stable`, `mwilliamson/setup-wabt-action@v3`, and `peaceiris/actions-gh-pages@v4` to specific commit SHAs; changed `with` for WABT from inline to multi-line mapping (kept `wabt-version: "1.0.30"`); preserved deploy step inputs and conditions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Cleanup release.yml a bit #7499 — Also pins third-party GitHub Actions to specific commit SHAs in .github/workflows/release.yml.
Adjust permissions of update-doc-db job #7496 — Removes or tightens workflow-level contents: write permissions in workflow files.
Pin rust-toolchain action to a commit hash - part 1 #7500 — Pins dtolnay/rust-toolchain action to a specific commit SHA across workflows.

Suggested labels

skip:ci

Suggested reviewers

youknowone

Poem

🐰 I hopped through YAML lines tonight,

Pinned each action snug and tight,
Took away a write of old,
Kept the versions, neat and bold,
Builds will hum without a fright.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fix lint warnings in `release.yml`' accurately describes the main change - pinning GitHub Actions to specific commit SHAs and adjusting configuration structure to resolve lint warnings in the release workflow file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}