Skip to content

ci: automated safe autofixes#1074

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
fix/autofix-weekly
Open

ci: automated safe autofixes#1074
github-actions[bot] wants to merge 1 commit into
mainfrom
fix/autofix-weekly

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

Summary

Apply scheduled/manual safe autofixes for scoped Python targets.

What changed

  • Ran ruff check --fix on approved Python paths
  • Ran black on approved Python paths
  • Verified lint and formatting
  • Ran targeted pytest where supported

Scope

  • apps/aria/
  • shared/
  • scripts/
  • function_app.py

Testing

  • Ruff verification
  • Black verification
  • Targeted pytest (when supported)

Risk & Impact

  • Intended to be low risk and non-functional
  • Scoped to approved Python paths only
  • Review recommended before merge

@stepsecurity-app

Copy link
Copy Markdown
Contributor

Security Policy Alert: Harden Runner Policy Violation

This workflow run has been blocked by StepSecurity's Harden Runner policy.

This workflow run was blocked because one or more jobs are missing the Harden-Runner action, or it is not properly configured, which can introduce agent-bypass risk.

Jobs not protected by Harden Runner:

  • .github/workflows/dependabot-auto-merge.yml::dependabot

Update the affected jobs so Harden Runner is initialized before any other action or command runs.

For more information, see StepSecurity's Harden Runner documentation.

@stepsecurity-app

Copy link
Copy Markdown
Contributor

Security Policy Alert: Harden Runner Policy Violation

This workflow run has been blocked by StepSecurity's Harden Runner policy.

This workflow run was blocked because one or more jobs are missing the Harden-Runner action, or it is not properly configured, which can introduce agent-bypass risk.

Jobs not protected by Harden Runner:

  • .github/workflows/pr-checks.yml::policy-gate

Update the affected jobs so Harden Runner is initialized before any other action or command runs.

For more information, see StepSecurity's Harden Runner documentation.

@stepsecurity-app

Copy link
Copy Markdown
Contributor

Security Policy Alert: Harden Runner Policy Violation

This workflow run has been blocked by StepSecurity's Harden Runner policy.

This workflow run was blocked because one or more jobs are missing the Harden-Runner action, or it is not properly configured, which can introduce agent-bypass risk.

Jobs not protected by Harden Runner:

  • .github/workflows/dependabot-auto-label.yml::dependabot

Update the affected jobs so Harden Runner is initialized before any other action or command runs.

For more information, see StepSecurity's Harden Runner documentation.

@stepsecurity-app

Copy link
Copy Markdown
Contributor

Security Policy Alert: Harden Runner Policy Violation

This workflow run has been blocked by StepSecurity's Harden Runner policy.

This workflow run was blocked because one or more jobs are missing the Harden-Runner action, or it is not properly configured, which can introduce agent-bypass risk.

Jobs not protected by Harden Runner:

  • .github/workflows/ossar.yml::ossar-scan

Update the affected jobs so Harden Runner is initialized before any other action or command runs.

For more information, see StepSecurity's Harden Runner documentation.

@bryan-roe-bot

bryan-roe-bot Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Semgrep found 6 rule findings:

Semgrep found a match

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant