[PM-28029] Address SonarCloud and zizmor errors (#2124)

.github/actions/dispatch-and-download/action.yml

@@ -1,97 +0,0 @@
-name: Dispatch Workflow and Download Artifacts
-description: 'Dispatches a workflow, waits for completion, and downloads artifacts'
-inputs:
-  token:
-    description: GitHub Personal Access Token for making API requests.
-    required: true
-  workflow:
-    description: The workflow to dispatch, can be a filename or ID
-    required: true
-  ref:
-    description: The branch or tag to dispatch the workflow on
-    default: 'main'
-  repo:
-    description: Repository of the action to dispatch.
-    default: ${{ github.repository }}
-  owner:
-    description: Owner of the given repository.
-    default: ${{ github.repository_owner }}
-  workflow_timeout_seconds:
-    description: Time until giving up waiting for the start of the workflow run.
-    default: 120
-  workflow_inputs:
-    description: A flat JSON object, only supports strings, numbers, and booleans (as per workflow inputs API).
-  distinct_id:
-    description: Specify a static string to use instead of a random distinct ID.
-runs:
-  using: "composite"
-  steps:
-    - name: Log inputs to job summary
-      shell: bash
-      run: |
-        echo "<details><summary>Dispatch and Download Action Workflow Inputs</summary>" >> $GITHUB_STEP_SUMMARY
-        echo "" >> $GITHUB_STEP_SUMMARY
-        echo '```json' >> $GITHUB_STEP_SUMMARY
-        echo '${{ toJson(inputs) }}' >> $GITHUB_STEP_SUMMARY
-        echo '```' >> $GITHUB_STEP_SUMMARY
-        echo "</details>" >> $GITHUB_STEP_SUMMARY
-
-    - name: Dispatch an action and get the run ID and URL
-      uses: codex-/return-dispatch@72a3b5d4ff36e4319a7b1ab5b686c778ee02fa37 # v2.1.0
-      id: return_dispatch
-      with:
-        token: ${{ inputs.token }}
-        ref: ${{ inputs.ref }}
-        repo: ${{ inputs.repo }}
-        owner: ${{ inputs.owner }}
-        workflow: ${{ inputs.workflow }}
-        workflow_timeout_seconds: ${{ inputs.workflow_timeout_seconds }}
-        workflow_inputs: ${{ inputs.workflow_inputs }}
-        distinct_id: ${{ inputs.distinct_id }}
-
-    - name: Use the output run ID and URL
-      shell: bash
-      run: |
-        echo ${{steps.return_dispatch.outputs.run_id}}
-        echo ${{steps.return_dispatch.outputs.run_url}}
-    - name: Wait for workflow to finish
-      shell: bash
-      run: |
-        sleep 5
-
-        timeout="30" # in seconds
-        interval="10" # in seconds
-        counter=0
-        timeout_counter=0
-        url="https://api.github.com/repos/${{ inputs.owner }}/${{ inputs.repo }}/actions/runs/${{steps.return_dispatch.outputs.run_id}}"
-        while true; do
-          run_data=$(curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ inputs.token }}" $url)
-          status=$(echo "$run_data" | jq -r '.status')
-
-          echo "Try -> $timeout_counter; status -> $status"
-          if [ "$status" = "completed" ]; then
-            conclusion=$(echo "$run_data" | jq -r '.conclusion')
-            if [ "$conclusion" != "success" ]; then
-              echo "::error::Dispatched workflow failed."
-              exit 1
-            else
-              echo "::debug::Dispatched workflow completed successfully!"
-              break
-            fi
-          fi
-
-          timeout_counter=$((timeout_counter + 1))
-          if [ $((timeout_counter * interval)) -ge $((timeout * 60)) ]; then
-            echo "::error::Timeout waiting for the Dispatched workflow to complete."
-            exit 1
-          fi
-
-          sleep $interval
-        done
-
-    - name: Download all artifacts
-      uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
-      id: download
-      with:
-        run-id: ${{steps.return_dispatch.outputs.run_id}}
-        github-token: ${{ inputs.token }}

.github/workflows/_version.yml

@@ -108,7 +108,7 @@ jobs:
 
           latest_tag_version=$(git tag -l --sort=-creatordate | grep "$APP_CODENAME" | head -n 1)
           if [[ -z "$latest_tag_version" ]]; then
-            version_name="${current_year}.${current_month}.${_PATCH_VERSION}"
+            version_name="${current_year}.${current_month}.${_PATCH_VERSION:-0}"
             echo "::warning::No tags found, did you checkout? Calculating version from current date: $version_name"
             output "$version_name"
             exit 0

.github/workflows/ci-bwa.yml

@@ -58,7 +58,6 @@ jobs:
       version_name: ${{ inputs.version-name }}
       version_number: ${{ inputs.version-number }}
       patch_version: ${{ inputs.patch_version && '999' || '' }}
-    secrets: inherit
 
   build-manual:
     name: Build Manual - ${{ inputs.build-mode }}

.github/workflows/ci-bwpm.yml

@@ -61,7 +61,6 @@ jobs:
       version_name: ${{ inputs.version-name }}
       version_number: ${{ inputs.version-number }}
       patch_version: ${{ inputs.patch_version && '999' || '' }}
-    secrets: inherit
 
   build-manual:
     name: Build Manual - ${{ inputs.build-variant }} (${{ inputs.build-mode }})