mirror of
https://github.com/huggingface/lerobot.git
synced 2026-05-31 10:51:35 +00:00
b746cd3c61
Pre-commit Quality gate flagged two issues: 1. ruff/isort: `from numbers import Real` must sort after `from collections.abc import Callable` (stdlib alphabetical order). 2. zizmor (high): `github.head_ref`, `github.ref_name`, `github.event.inputs.git_ref`, and `github.event.pull_request.head.sha` were expanded directly in `run:` shell blocks, which zizmor flags as attacker-controllable. Move all four into job-level `env:` vars (GIT_REF, PR_NUMBER, HOST_GIT_COMMIT) so the shell only sees env-var references — the same pattern the workflow already uses for PROFILE_MODE, POLICY_FILTER, etc. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>