Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package zizmor for openSUSE:Factory checked in at 2025-10-17 17:26:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zizmor (Old) and /work/SRC/openSUSE:Factory/.zizmor.new.18484 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zizmor" Fri Oct 17 17:26:22 2025 rev:19 rq:1311832 version:1.15.2 Changes: -------- --- /work/SRC/openSUSE:Factory/zizmor/zizmor.changes 2025-10-14 18:11:55.727944052 +0200 +++ /work/SRC/openSUSE:Factory/.zizmor.new.18484/zizmor.changes 2025-10-17 17:27:55.779418951 +0200 @@ -1,0 +2,9 @@ +Fri Oct 17 05:04:53 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 1.15.2: + * Bug Fixes + - Fixed a bug where zizmor would fail to parse some Dependabot + configuration files due to missing support for some schedule + formats (#1247) + +------------------------------------------------------------------- Old: ---- zizmor-1.15.1.obscpio New: ---- zizmor-1.15.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zizmor.spec ++++++ --- /var/tmp/diff_new_pack.SgBvgn/_old 2025-10-17 17:27:59.195562841 +0200 +++ /var/tmp/diff_new_pack.SgBvgn/_new 2025-10-17 17:27:59.215563683 +0200 @@ -17,7 +17,7 @@ Name: zizmor -Version: 1.15.1 +Version: 1.15.2 Release: 0 Summary: A static analysis tool for GitHub Actions License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.SgBvgn/_old 2025-10-17 17:27:59.559578174 +0200 +++ /var/tmp/diff_new_pack.SgBvgn/_new 2025-10-17 17:27:59.631581206 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">v1.15.1</param> + <param name="revision">v1.15.2</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.SgBvgn/_old 2025-10-17 17:27:59.775587272 +0200 +++ /var/tmp/diff_new_pack.SgBvgn/_new 2025-10-17 17:27:59.827589462 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/woodruffw/zizmor</param> - <param name="changesrevision">7984062d3401e27eed14a6da24a4e2740f6d2aee</param></service></servicedata> + <param name="changesrevision">a4c6c3bb9f28d73aa75605af2bacf69eb177cefa</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/zizmor/vendor.tar.zst /work/SRC/openSUSE:Factory/.zizmor.new.18484/vendor.tar.zst differ: char 7, line 1 ++++++ zizmor-1.15.1.obscpio -> zizmor-1.15.2.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/Cargo.lock new/zizmor-1.15.2/Cargo.lock --- old/zizmor-1.15.1/Cargo.lock 2025-10-14 05:19:42.000000000 +0200 +++ new/zizmor-1.15.2/Cargo.lock 2025-10-14 16:47:25.000000000 +0200 @@ -840,7 +840,7 @@ [[package]] name = "github-actions-models" -version = "0.34.0" +version = "0.36.0" dependencies = [ "indexmap", "serde", @@ -3779,7 +3779,7 @@ [[package]] name = "zizmor" -version = "1.15.1" +version = "1.15.2" dependencies = [ "annotate-snippets", "anstream", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/Cargo.toml new/zizmor-1.15.2/Cargo.toml --- old/zizmor-1.15.1/Cargo.toml 2025-10-14 05:19:42.000000000 +0200 +++ new/zizmor-1.15.2/Cargo.toml 2025-10-14 16:47:25.000000000 +0200 
@@ -20,7 +20,7 @@ [workspace.dependencies] anyhow = "1.0.100" github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.10" } -github-actions-models = { path = "crates/github-actions-models", version = "0.34.0" } +github-actions-models = { path = "crates/github-actions-models", version = "0.36.0" } itertools = "0.14.0" pest = "2.8.3" pest_derive = "2.8.3" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/crates/github-actions-models/Cargo.toml new/zizmor-1.15.2/crates/github-actions-models/Cargo.toml --- old/zizmor-1.15.1/crates/github-actions-models/Cargo.toml 2025-10-14 05:19:42.000000000 +0200 +++ new/zizmor-1.15.2/crates/github-actions-models/Cargo.toml 2025-10-14 16:47:25.000000000 +0200 @@ -1,6 +1,6 @@ [package] name = "github-actions-models" -version = "0.34.0" +version = "0.36.0" description = "Unofficial, high-quality data models for GitHub Actions workflows, actions, and related components" repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/github-actions-models" keywords = ["github", "ci"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/crates/github-actions-models/src/dependabot/v2.rs new/zizmor-1.15.2/crates/github-actions-models/src/dependabot/v2.rs --- old/zizmor-1.15.1/crates/github-actions-models/src/dependabot/v2.rs 2025-10-14 05:19:42.000000000 +0200 +++ new/zizmor-1.15.2/crates/github-actions-models/src/dependabot/v2.rs 2025-10-14 16:47:25.000000000 +0200 @@ -7,6 +7,8 @@ use indexmap::{IndexMap, IndexSet}; use serde::Deserialize; +use crate::common::custom_error; + /// A `dependabot.yml` configuration file. #[derive(Deserialize, Debug)] #[serde(rename_all = "kebab-case")] 
@@ -310,12 +312,48 @@ /// Scheduling settings for Dependabot updates. #[derive(Deserialize, Debug)] -#[serde(rename_all = "kebab-case")] +#[serde(rename_all = "kebab-case", remote = "Self")] pub struct Schedule { pub interval: Interval, pub day: Option<Day>, pub time: Option<String>, pub timezone: Option<String>, + pub cronjob: Option<String>, +} + +impl<'de> Deserialize<'de> for Schedule { + fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> + where + D: serde::Deserializer<'de>, + { + let schedule = Self::deserialize(deserializer)?; + + if schedule.interval == Interval::Cron && schedule.cronjob.is_none() { + return Err(custom_error::<D>( + "`schedule.cronjob` must be set when `schedule.interval` is `cron`", + )); + } + + if schedule.interval != Interval::Cron && schedule.cronjob.is_some() { + return Err(custom_error::<D>( + "`schedule.cronjob` may only be set when `schedule.interval` is `cron`", + )); + } + + if schedule.interval != Interval::Weekly && schedule.day.is_some() { + return Err(custom_error::<D>( + "`schedule.day` is only valid when `schedule.interval` is `weekly`", + )); + } + + Ok(Self { + interval: schedule.interval, + day: schedule.day, + time: schedule.time, + timezone: schedule.timezone, + cronjob: schedule.cronjob, + }) + } } /// Schedule intervals. 
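Review bot: `Self::deserialize(deserializer)` inside `impl<'de> Deserialize<'de> for Schedule` reads like unbounded recursion; it terminates only because `remote = "Self"` makes the derive emit an inherent `Schedule::deserialize`, which path resolution prefers over the trait method. A comment above that call would save the next reader the detour, e.g. `// Calls the inherent fn generated by #[serde(remote = "Self")], not this trait impl.` The closing `Ok(Self { interval: schedule.interval, … })` copies every field of a value that is already a `Schedule`, so `Ok(schedule)` does the same with nothing to keep in sync when a field is added. Separately, the three checks are hard deserialization errors: if GitHub tolerates any of these combinations (not verifiable from this hunk), such a file would fail to load here rather than be analysed, so the strictness is worth confirming against the Dependabot schema.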
@@ -325,6 +363,10 @@ Daily, Weekly, Monthly, + Quarterly, + Semiannually, + Yearly, + Cron, } /// Days of the week. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/crates/github-actions-models/tests/sample-dependabot/v2/cron-missing-cronjob.invalid.yml new/zizmor-1.15.2/crates/github-actions-models/tests/sample-dependabot/v2/cron-missing-cronjob.invalid.yml --- old/zizmor-1.15.1/crates/github-actions-models/tests/sample-dependabot/v2/cron-missing-cronjob.invalid.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/zizmor-1.15.2/crates/github-actions-models/tests/sample-dependabot/v2/cron-missing-cronjob.invalid.yml 2025-10-14 16:47:25.000000000 +0200 @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: npm + directory: "/" + schedule: + interval: cron diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/crates/github-actions-models/tests/sample-dependabot/v2/cronjob-on-daily.invalid.yml new/zizmor-1.15.2/crates/github-actions-models/tests/sample-dependabot/v2/cronjob-on-daily.invalid.yml --- old/zizmor-1.15.1/crates/github-actions-models/tests/sample-dependabot/v2/cronjob-on-daily.invalid.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/zizmor-1.15.2/crates/github-actions-models/tests/sample-dependabot/v2/cronjob-on-daily.invalid.yml 2025-10-14 16:47:25.000000000 +0200 
@@ -0,0 +1,7 @@ +version: 2 +updates: + - package-ecosystem: npm + directory: "/" + schedule: + interval: daily + cronjob: "0 3 * * *" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml new/zizmor-1.15.2/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml --- old/zizmor-1.15.1/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/zizmor-1.15.2/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml 2025-10-14 16:47:25.000000000 +0200 @@ -0,0 +1,7 @@ +version: 2 +updates: + - package-ecosystem: npm + directory: "/" + schedule: + interval: daily + day: monday diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/crates/github-actions-models/tests/sample-dependabot/v2/weekly-with-day.yml new/zizmor-1.15.2/crates/github-actions-models/tests/sample-dependabot/v2/weekly-with-day.yml --- old/zizmor-1.15.1/crates/github-actions-models/tests/sample-dependabot/v2/weekly-with-day.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/zizmor-1.15.2/crates/github-actions-models/tests/sample-dependabot/v2/weekly-with-day.yml 2025-10-14 16:47:25.000000000 +0200 @@ -0,0 +1,7 @@ +version: 2 +updates: + - package-ecosystem: npm + directory: "/" + schedule: + interval: weekly + day: friday diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/crates/github-actions-models/tests/test_dependabot_v2.rs new/zizmor-1.15.2/crates/github-actions-models/tests/test_dependabot_v2.rs --- old/zizmor-1.15.1/crates/github-actions-models/tests/test_dependabot_v2.rs 2025-10-14 05:19:42.000000000 +0200 +++ new/zizmor-1.15.2/crates/github-actions-models/tests/test_dependabot_v2.rs 2025-10-14 16:47:25.000000000 +0200 
@@ -1,26 +1,51 @@ -use std::path::Path; +use std::path::{Path, PathBuf}; use github_actions_models::dependabot::v2::{ - Dependabot, Directories, Interval, PackageEcosystem, RebaseStrategy, + Day, Dependabot, Directories, Interval, PackageEcosystem, RebaseStrategy, }; use indexmap::IndexSet; +fn sample_dir() -> PathBuf { + Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/sample-dependabot/v2") +} + +fn load_dependabot_result(name: &str) -> Result<Dependabot, serde_yaml::Error> { + let workflow_path = sample_dir().join(name); + let dependabot_contents = std::fs::read_to_string(&workflow_path) + .unwrap_or_else(|err| panic!("failed to read {}: {err}", workflow_path.display())); + serde_yaml::from_str(&dependabot_contents) +} + fn load_dependabot(name: &str) -> Dependabot { - let workflow_path = Path::new(env!("CARGO_MANIFEST_DIR")) - .join("tests/sample-dependabot/v2") - .join(name); - let dependabot_contents = std::fs::read_to_string(workflow_path).unwrap(); - serde_yaml::from_str(&dependabot_contents).unwrap() + load_dependabot_result(name).unwrap() } #[test] fn test_load_all() { - let sample_configs = Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/sample-dependabot/v2"); + for sample_config in std::fs::read_dir(sample_dir()).unwrap() { + let sample_path = sample_config.unwrap().path(); - for sample_config in std::fs::read_dir(sample_configs).unwrap() { - let sample_workflow = sample_config.unwrap().path(); - let contents = std::fs::read_to_string(sample_workflow).unwrap(); - serde_yaml::from_str::<Dependabot>(&contents).unwrap(); + if sample_path.extension().and_then(|ext| ext.to_str()) != Some("yml") { + continue; + } + + let sample_name = sample_path + .file_name() + .and_then(|name| name.to_str()) + .expect("sample file name not valid UTF-8"); + + let result = load_dependabot_result(sample_name); + + let is_invalid = sample_name.contains(".invalid."); + + if is_invalid { + assert!( + result.is_err(), + "expected {sample_name} to fail deserialization" + ); + 
} else { + result.unwrap(); + } } } @@ -71,3 +96,39 @@ IndexSet::from(["*".to_string()]) ); } + +#[test] +fn test_schedule_cron_requires_expression() { + let err = load_dependabot_result("cron-missing-cronjob.invalid.yml").unwrap_err(); + assert!( + err.to_string() + .contains("`schedule.cronjob` must be set when `schedule.interval` is `cron`") + ); +} + +#[test] +fn test_schedule_cronjob_rejected_for_non_cron() { + let err = load_dependabot_result("cronjob-on-daily.invalid.yml").unwrap_err(); + assert!( + err.to_string() + .contains("`schedule.cronjob` may only be set when `schedule.interval` is `cron`") + ); +} + +#[test] +fn test_schedule_day_only_for_weekly() { + let err = load_dependabot_result("day-on-daily.invalid.yml").unwrap_err(); + assert!( + err.to_string() + .contains("`schedule.day` is only valid when `schedule.interval` is `weekly`") + ); +} + +#[test] +fn test_schedule_weekly_accepts_day() { + let dependabot = load_dependabot("weekly-with-day.yml"); + assert_eq!(dependabot.updates.len(), 1); + let schedule = &dependabot.updates[0].schedule; + assert_eq!(schedule.interval, Interval::Weekly); + assert_eq!(schedule.day, Some(Day::Friday)); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/crates/zizmor/Cargo.toml new/zizmor-1.15.2/crates/zizmor/Cargo.toml --- old/zizmor-1.15.1/crates/zizmor/Cargo.toml 2025-10-14 05:19:42.000000000 +0200 +++ new/zizmor-1.15.2/crates/zizmor/Cargo.toml 2025-10-14 16:47:25.000000000 +0200 
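Review bot: In `test_load_all`, an `.invalid.` sample passes as soon as `result.is_err()` holds, so a sample that fails for an unrelated reason (a misspelled key, a YAML syntax slip) satisfies the test just as well as one that trips the intended schedule check. The three samples added here have dedicated message assertions further down, but a future `.invalid.yml` file would not; a comment in the loop such as `// NOTE: every *.invalid.yml sample also needs a test asserting its error message` would make that contract explicit. The marker check `sample_name.contains(".invalid.")` matches the substring anywhere in the name, and `sample_name.ends_with(".invalid.yml")` is tighter. The new extension filter also skips everything that is not `.yml`, so a `.yaml` sample, if one is ever added, would silently never be loaded.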
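Review bot: None of the tests added at the end of the file exercises the success path that the release note describes: no sample visible in this diff uses `interval: cron` together with a `cronjob`, or `quarterly`, `semiannually` or `yearly`. A positive test next to `test_schedule_weekly_accepts_day` that loads such a sample and asserts `schedule.interval == Interval::Cron` and `schedule.cronjob.is_some()` would pin the fix itself rather than only its rejections. The `assert!(err.to_string().contains(…))` calls carry no failure message, so a mismatch would not show the error actually produced; passing `"unexpected error: {err}"` as the second argument fixes that.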
@@ -1,7 +1,7 @@ [package] name = "zizmor" description = "Static analysis for GitHub Actions" -version = "1.15.1" +version = "1.15.2" repository = "https://github.com/zizmorcore/zizmor" documentation = "https://docs.zizmor.sh" keywords = ["cli", "github-actions", "static-analysis", "security"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/docs/integrations.md new/zizmor-1.15.2/docs/integrations.md --- old/zizmor-1.15.1/docs/integrations.md 2025-10-14 05:19:42.000000000 +0200 +++ new/zizmor-1.15.2/docs/integrations.md 2025-10-14 16:47:25.000000000 +0200 @@ -256,7 +256,7 @@ ```yaml - repo: https://github.com/zizmorcore/zizmor-pre-commit - rev: v1.15.1 # (1)! + rev: v1.15.2 # (1)! hooks: - id: zizmor ``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/zizmor-1.15.1/docs/release-notes.md new/zizmor-1.15.2/docs/release-notes.md --- old/zizmor-1.15.1/docs/release-notes.md 2025-10-14 05:19:42.000000000 +0200 +++ new/zizmor-1.15.2/docs/release-notes.md 2025-10-14 16:47:25.000000000 +0200 @@ -9,6 +9,13 @@ ## Next (UNRELEASED) +## 1.15.2 + +### Bug Fixes 🐛 + +* Fixed a bug where `zizmor` would fail to parse some Dependabot configuration + files due to missing support for some schedule formats (#1247) + ## 1.15.1 ### Bug Fixes 🐛 ++++++ zizmor.obsinfo ++++++ --- /var/tmp/diff_new_pack.SgBvgn/_old 2025-10-17 17:28:01.831673876 +0200 +++ /var/tmp/diff_new_pack.SgBvgn/_new 2025-10-17 17:28:01.899676740 +0200 @@ -1,5 +1,5 @@ name: zizmor -version: 1.15.1 -mtime: 1760411982 -commit: 7984062d3401e27eed14a6da24a4e2740f6d2aee +version: 1.15.2 +mtime: 1760453245 +commit: a4c6c3bb9f28d73aa75605af2bacf69eb177cefa
