ci: add zizmor security linting (#313)

## Summary Adds [zizmor](https://github.com/woodruffw/zizmor) security linting to the CI workflow to scan GitHub Actions workflows for security issues. ## Changes - Added `permissions: security-events: write` to the `lint` job (required for zizmor) - Added `zizmorcore/zizmor-action@v0.4.1` step after actionlint Mirrors the setup in [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv/blob/803947b9bd8e9f986429fa0c5a41c367cd732b41/.github/workflows/test.yml#L29-L30).
2026-05-12 20:50:14 +02:00 · 2026-01-30 19:37:28 +01:00
parent aedff8d295
commit 1977806bc6
1 changed files with 4 additions and 0 deletions
@@ -15,12 +15,16 @@ permissions: {}
 jobs:
  lint:
    runs-on: ubuntu-latest
+    permissions:
+      security-events: write # for zizmor
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Actionlint
        uses: eifinger/actionlint-action@447fbfe7533062b7a9ea55f790f2396fba6d052a  # v1.10.0
+      - name: Run zizmor
+        uses: zizmorcore/zizmor-action@135698455da5c3b3e55f73f4419e481ab68cdd95 # v0.4.1
      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version: "20"