From 9c1af3f97ba881571a4cc9117788feebcc26c992 Mon Sep 17 00:00:00 2001
From: Aashish Jha
Date: Sun, 8 Jun 2025 13:19:42 +0000
Subject: [PATCH 1/6] Added zizmor with pre-commit
---
 .pre-commit-config.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0c10de0abb4..d5d65240e58 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -265,3 +265,11 @@ repos:
 name: run oxipng
 description: check PNG files with oxipng
 args: ['-o', '4', '--strip', 'safe', '--alpha']
+ - repo: https://github.com/zizmorcore/zizmor-pre-commit
+ rev: v1.9.0
+ hooks:
+ - id: zizmor
+ name: zizmor - static analysis for GitHub Actions
+ description: Scan GitHub Actions workflows for security issues
+ files: ".github/workflows/.*\\.ya?ml$"
+ args: []
From 45fe3ba3e77201fcd3db9057bbf2dacce0cc4dbd Mon Sep 17 00:00:00 2001
From: Aashish Jha
Date: Mon, 16 Jun 2025 18:14:40 +0530
Subject: [PATCH 2/6] Fixed Zizmore Lint issue
---
 .pre-commit-config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d5d65240e58..f0e13ced6d0 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -271,5 +271,5 @@ repos:
 - id: zizmor
 name: zizmor - static analysis for GitHub Actions
 description: Scan GitHub Actions workflows for security issues
- files: ".github/workflows/.*\\.ya?ml$"
- args: []
+ files: ".github/workflows/.*\.ya?ml$"
+
From 9b67d42cfc1555b11d8ff3c66d51cebf0bf9c00e Mon Sep 17 00:00:00 2001
From: Aashish Jha
Date: Tue, 17 Jun 2025 15:22:45 +0530
Subject: [PATCH 3/6] Fixed Lint Issue in Zizmore Passed test on pre-commit install pre-commit run --all-files
---
 .pre-commit-config.yaml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f0e13ced6d0..aec6875260f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
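Review bot: The hook itself is pinned only by tag, `rev: v1.9.0`, while the tool it installs exists to flag exactly that kind of mutable reference in workflows; pre-commit accepts a full commit SHA in `rev`, so `rev: <commit-sha-of-v1.9.0>  # v1.9.0` keeps the version readable for `pre-commit autoupdate` and takes the movable tag out of the trust boundary. The `files:` override `".github/workflows/.*\\.ya?ml$"` is also unanchored and its leading `.` is an unescaped wildcard, so it matches any path containing `github/workflows/`; `'^\.github/workflows/.*\.ya?ml$'` states what is meant. Overriding `files` may additionally keep action definitions such as `action.yml` out of the scan if the upstream hook's default pattern is broader, which is worth checking against the zizmor-pre-commit hook definition before narrowing it. The same points apply to the re-spun versions of this hunk in patches 3, 4 and 5.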
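Review bot: The rewritten pattern `files: ".github/workflows/.*\.ya?ml$"` is a double-quoted YAML scalar, and `\.` is not a valid escape inside double quotes, so loaders such as PyYAML reject the whole config at this line; single quotes, which patch 3 switches to, pass the backslash through untouched and are the right fix. Dropping `args: []` is fine since it was a no-op, but the hunk replaces it with an empty `+` line, leaving a stray blank line at the end of the hook list that the later re-indent has to clean up again.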
@@ -266,10 +266,9 @@ repos:
 description: check PNG files with oxipng
 args: ['-o', '4', '--strip', 'safe', '--alpha']
 - repo: https://github.com/zizmorcore/zizmor-pre-commit
- rev: v1.9.0
- hooks:
- - id: zizmor
- name: zizmor - static analysis for GitHub Actions
- description: Scan GitHub Actions workflows for security issues
- files: ".github/workflows/.*\.ya?ml$"
-
+ rev: v1.9.0
+ hooks:
+ - id: zizmor
+ name: zizmor - static analysis for GitHub Actions
+ description: Scan GitHub Actions workflows for security issues
+ files: '.github/workflows/.*\.ya?ml$'
From 56759a02454837e9fd9d87e682d7c9a1472043ab Mon Sep 17 00:00:00 2001
From: Aashish Jha
Date: Tue, 17 Jun 2025 19:30:31 +0530
Subject: [PATCH 4/6] Updated Zizmore Fixed Alignment Causing Lint Error
---
 .pre-commit-config.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index aec6875260f..a2f9534ce84 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -266,9 +266,9 @@ repos:
 description: check PNG files with oxipng
 args: ['-o', '4', '--strip', 'safe', '--alpha']
 - repo: https://github.com/zizmorcore/zizmor-pre-commit
- rev: v1.9.0
- hooks:
- - id: zizmor
- name: zizmor - static analysis for GitHub Actions
- description: Scan GitHub Actions workflows for security issues
- files: '.github/workflows/.*\.ya?ml$'
+ rev: v1.9.0
+ hooks:
+ - id: zizmor
+ name: zizmor - static analysis for GitHub Actions
+ description: Scan GitHub Actions workflows for security issues
+ files: '.github/workflows/.*\.ya?ml$'
From 0fb20f8f785e2a81369f964bef9e308510182346 Mon Sep 17 00:00:00 2001
From: Aashish Jha
Date: Sat, 21 Jun 2025 06:00:38 +0000
Subject: [PATCH 5/6] Add zizmor pre-commit hook and fix unpinned GitHub Actions
- Added zizmor static analysis tool for GitHub Actions security scanning
- Fixed unpinned r-lib action references in r.yml by specifying SHA hashes
- Updated hook configuration to scan workflow files for security issues
---
 .github/workflows/r.yml | 6 +++---
 .pre-commit-config.yaml | 7 +++++++
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/r.yml b/.github/workflows/r.yml
index 55951c4036c..81d0c768e84 100644
--- a/.github/workflows/r.yml
+++ b/.github/workflows/r.yml
@@ -81,12 +81,12 @@ jobs:
 sudo apt-get -y remove --purge default-jdk adoptopenjdk-11-hotspot || :
 shell: bash
 - uses: actions/checkout@v4
- - uses: r-lib/actions/setup-r@v2.11.3
+ - uses: r-lib/actions/setup-r@bd49c52ffe281809afa6f0fecbf37483c5dd0b93
 with:
 r-version: ${{ matrix.r }}
 use-public-rspm: true
 - name: Query R dependencies
- uses: r-lib/actions/setup-r-dependencies@v2.11.3
+ uses: r-lib/actions/setup-r-dependencies@bd49c52ffe281809afa6f0fecbf37483c5dd0b93
 with:
 cache: true
 extra-packages: |
@@ -94,7 +94,7 @@ jobs:
 any::rcmdcheck
 working-directory: './R'
 - name: Build and check R package
- uses: r-lib/actions/check-r-package@v2.11.3
+ uses: r-lib/actions/check-r-package@bd49c52ffe281809afa6f0fecbf37483c5dd0b93
 with:
 build_args: 'c("--no-build-vignettes", "--no-manual")'
 args: 'c("--no-build-vignettes", "--no-manual", "--no-tests")'
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0c10de0abb4..a2f9534ce84 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
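Review bot: The three SHA pins in this hunk and the `@@ -94` hunk after it carry no version comment, so a reader cannot tell which r-lib/actions release `bd49c52ffe281809afa6f0fecbf37483c5dd0b93` corresponds to, and Dependabot and Renovate rely on that trailing comment to keep SHA pins current; write each as `uses: r-lib/actions/setup-r@bd49c52ffe281809afa6f0fecbf37483c5dd0b93 # v2.11.3`. One SHA for all three actions is plausible because they live in the same repository, but it should be verified that this commit is what the `v2.11.3` tag resolves to rather than a later default-branch commit. `actions/checkout@v4` on the context line two above stays tag-pinned, so the hunk leaves the workflow half-pinned; whichever policy is chosen should be applied to every `uses:` in the file.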
@@ -265,3 +265,10 @@ repos:
 name: run oxipng
 description: check PNG files with oxipng
 args: ['-o', '4', '--strip', 'safe', '--alpha']
+ - repo: https://github.com/zizmorcore/zizmor-pre-commit
+ rev: v1.9.0
+ hooks:
+ - id: zizmor
+ name: zizmor - static analysis for GitHub Actions
+ description: Scan GitHub Actions workflows for security issues
+ files: '.github/workflows/.*\.ya?ml$'
From 05b64364b5a4c5830bf5d5e46d8bcae5823dc49b Mon Sep 17 00:00:00 2001
From: Aashish Jha
Date: Mon, 23 Jun 2025 06:12:58 +0000
Subject: [PATCH 6/6] reverted back the tag-based reference
---
 .github/workflows/r.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/r.yml b/.github/workflows/r.yml
index 81d0c768e84..836d587d49a 100644
--- a/.github/workflows/r.yml
+++ b/.github/workflows/r.yml
@@ -81,12 +81,12 @@ jobs:
 sudo apt-get -y remove --purge default-jdk adoptopenjdk-11-hotspot || :
 shell: bash
 - uses: actions/checkout@v4
- - uses: r-lib/actions/setup-r@bd49c52ffe281809afa6f0fecbf37483c5dd0b93
+ - uses: r-lib/actions/setup-r@v2.11.3
 with:
 r-version: ${{ matrix.r }}
 use-public-rspm: true
 - name: Query R dependencies
- uses: r-lib/actions/setup-r-dependencies@bd49c52ffe281809afa6f0fecbf37483c5dd0b93
+ uses: r-lib/actions/setup-r-dependencies@v2.11.3
 with:
 cache: true
 extra-packages: |
@@ -94,7 +94,7 @@ jobs:
 any::rcmdcheck
 working-directory: './R'
 - name: Build and check R package
- uses: r-lib/actions/check-r-package@bd49c52ffe281809afa6f0fecbf37483c5dd0b93
+ uses: r-lib/actions/check-r-package@v2.11.3
 with:
 build_args: 'c("--no-build-vignettes", "--no-manual")'
 args: 'c("--no-build-vignettes", "--no-manual", "--no-tests")'
@@ -150,4 +150,4 @@ jobs:
 path: /tmp/sparklyr.log
 - name: Dump worker logs on failure
 if: failure()
- run: cat /tmp/sparklyr.log
+ run: cat /tmp/sparklyr.log
\ No newline at end of file
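Review bot: Reverting the three r-lib actions to `@v2.11.3` undoes the only workflow change the series made in response to the new hook, so if patch 5's message is accurate that zizmor reported these references (its `unpinned-uses` audit), `pre-commit run --all-files` will report them again once this lands, and the hook the series adds will be red from its first run. Either keep the SHA pins with a `# v2.11.3` comment, or record the accepted exception in zizmor's configuration so the hook stays green deliberately rather than by being bypassed; the commit message should say which. The same applies to the `@@ -94` hunk below.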
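Review bot: The `@@ -150,4 +150,4` hunk changes nothing in `run: cat /tmp/sparklyr.log` except that the new side ends with `\ No newline at end of file`, so this revert silently strips the trailing newline from `r.yml`; if the repository's pre-commit config enables `end-of-file-fixer`, the next hook run will put it back and produce an unrelated diff. Restore the trailing newline so the commit is a pure revert of patch 5.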