diff --git a/crates/github-actions-models/src/dependabot/v2.rs b/crates/github-actions-models/src/dependabot/v2.rs
index c9acb3e6..efa0d75a 100644
--- a/crates/github-actions-models/src/dependabot/v2.rs
+++ b/crates/github-actions-models/src/dependabot/v2.rs
@@ -442,11 +442,10 @@ impl<'de> Deserialize<'de> for Schedule {
 ));
 }
 
- if schedule.interval != Interval::Weekly && schedule.day.is_some() {
- return Err(custom_error::(
- "`schedule.day` is only valid when `schedule.interval` is `weekly`",
- ));
- }
+ // NOTE(ww): `day` only makes sense with `interval: weekly`, but
+ // Dependabot appears to silently ignore it otherwise. Consequently,
+ // we don't check that for now.
+ // See https://github.com/zizmorcore/zizmor/issues/1305.
 
 Ok(schedule)
 }
diff --git a/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml b/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml
deleted file mode 100644
index 01dcdaaf..00000000
--- a/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: npm
- directory: "/"
- schedule:
- interval: daily
- day: monday
diff --git a/crates/github-actions-models/tests/sample-dependabot/v2/issue-1305.yml b/crates/github-actions-models/tests/sample-dependabot/v2/issue-1305.yml
new file mode 100644
index 00000000..72fe48b3
--- /dev/null
+++ b/crates/github-actions-models/tests/sample-dependabot/v2/issue-1305.yml
@@ -0,0 +1,13 @@
+# https://github.com/zizmorcore/zizmor/issues/1305
+
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
+ day: sunday
+ commit-message:
+ prefix: ci
+ labels:
+ - dependencies
diff --git a/crates/github-actions-models/tests/test_dependabot_v2.rs b/crates/github-actions-models/tests/test_dependabot_v2.rs
index af1b05d9..6a55a72a 100644
--- a/crates/github-actions-models/tests/test_dependabot_v2.rs
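Review bot: With the interval/day check removed from the `Schedule` deserializer in `v2.rs`, `schedule.day` can now be set for any interval, and the only record of that is the `NOTE(ww)` comment inside the function body. Code that consumes the model and assumed a present `day` implies a weekly schedule gets no signal of the change; a doc comment on the `day` field (outside this hunk) would make it visible, for example `/// Only meaningful with interval: weekly; accepted but not validated for other intervals (see #1305).` Separately, the test-file hunk only deletes `test_schedule_day_only_for_weekly`; unless the samples directory is loaded by a catch-all test that is not visible here, a positive test along the lines of `load_dependabot("issue-1305.yml");` would pin the new behaviour. The deserialize function starts before and ends after this hunk.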
+++ b/crates/github-actions-models/tests/test_dependabot_v2.rs
@@ -115,15 +115,6 @@ fn test_schedule_cronjob_rejected_for_non_cron() {
 );
 }
 
-#[test]
-fn test_schedule_day_only_for_weekly() {
- let err = load_dependabot_result("day-on-daily.invalid.yml").unwrap_err();
- assert!(
- err.to_string()
- .contains("`schedule.day` is only valid when `schedule.interval` is `weekly`")
- );
-}
-
 #[test]
 fn test_schedule_weekly_accepts_day() {
 let dependabot = load_dependabot("weekly-with-day.yml");
diff --git a/docs/release-notes.md b/docs/release-notes.md
index dc1e208f..3af1a1f1 100644
--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -17,6 +17,12 @@ of `zizmor`.
 accordingly, improving the quality of panic reports when running in CI (#1307)
 
+### Bug Fixes 🐛
+
+* Fixed a bug where `zizmor` would reject some Dependabot configuration
+ files with logically unsound schedules (but that are accepted by GitHub
+ regardless) (#1308)
+
 ## 1.16.1
 
 ### Enhancements 🌱