d2205b11a7
Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node), [actions/setup-go](https://github.com/actions/setup-go) and [actions/cache](https://github.com/actions/cache). Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](8e8c483db8...de0fac2e45) Updates `actions/setup-node` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](395ad32622...6044e13b5d) Updates `actions/setup-go` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](4dc6199c7b...7a3fe6cf4c) Updates `actions/cache` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](9255dc7a25...8b402f58fb) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jason Cameron <git@jsn.cam>
35 lines
938 B
YAML
35 lines
938 B
YAML
name: zizmor
|
|
|
|
on:
|
|
push:
|
|
paths:
|
|
- '.github/workflows/*.ya?ml'
|
|
pull_request:
|
|
paths:
|
|
- '.github/workflows/*.ya?ml'
|
|
|
|
jobs:
|
|
zizmor:
|
|
name: zizmor latest via PyPI
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
security-events: write
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install the latest version of uv
|
|
uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
|
|
|
|
- name: Run zizmor 🌈
|
|
run: uvx zizmor --format sarif . > results.sarif
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Upload SARIF file
|
|
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
|
|
with:
|
|
sarif_file: results.sarif
|
|
category: zizmor
|