Skip to content

chore: purge retired QZP SaaS support code + workflow least-privilege#92

Merged
Prekzursil merged 1 commit into
mainfrom
chore/ruff-cleanup-workflow-permissions
Jun 25, 2026
Merged

chore: purge retired QZP SaaS support code + workflow least-privilege#92
Prekzursil merged 1 commit into
mainfrom
chore/ruff-cleanup-workflow-permissions

Conversation

@Prekzursil

Copy link
Copy Markdown
Owner

Follow-up to #91. Removes the leftover source code that supported the now-retired Quality Zero (QZP) / visual-SaaS machinery and tightens workflow permissions.

Removed (retired QZP support code)

  • scripts/quality/*.py — QZP SaaS gate scripts (codacy/sonar/sentry/deepscan zero-checks, required-checks/secrets asserts, coverage assert). Invoked only by the deleted quality-zero workflows. Clears the CodeQL py/path-injection + py/partial-ssrf + unused-variable alerts rooted there.
  • frontend/webcoder_ui/e2e/**, playwright.chromatic.config.ts, and the orphaned e2e:chromatic / e2e:applitools npm scripts — Chromatic / Applitools visual-SaaS tests, run only by the retired visual workflows. Clears the js/path-injection alert in the applitools spec.

Added

  • permissions: contents: read on django.yml and django_ci.yml — clears the CodeQL actions/missing-workflow-permissions alerts.

The lean quality gate and verify reference none of the removed paths. The genuine app CI is unaffected.

…lege

Removes the support code for the retired Quality Zero (QZP) / visual-SaaS
machinery (workflows already deleted in #91):

- scripts/quality/*.py — QZP SaaS gate scripts (check_codacy_zero,
  check_sonar_zero, check_sentry_zero, check_deepscan_zero,
  check_required_checks, check_quality_secrets, assert_coverage_100);
  only ever invoked by the deleted quality-zero workflows. Clears the
  CodeQL py/path-injection + py/partial-ssrf + unused-variable alerts
  rooted in these files.
- frontend/webcoder_ui/e2e/** + playwright.chromatic.config.ts and the
  orphaned e2e:chromatic / e2e:applitools npm scripts — Chromatic /
  Applitools visual-SaaS tests, run only by the retired visual workflows.

Also adds 'permissions: contents: read' to django.yml and django_ci.yml
(least privilege), clearing the CodeQL actions/missing-workflow-permissions
alerts.

The lean 'quality' gate and 'verify' do not reference any removed path.
@chatgpt-codex-connector

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

@Prekzursil Prekzursil merged commit 1e6e7db into main Jun 25, 2026
9 checks passed
@Prekzursil Prekzursil deleted the chore/ruff-cleanup-workflow-permissions branch June 25, 2026 23:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant