| # https://github.com/woodruffw/zizmor |
| name: Zizmor |
| |
| on: |
| push: |
| branches: ["main"] |
| pull_request: |
| branches: ["*"] |
| |
| permissions: |
| contents: read |
| |
| |
| jobs: |
| zizmor: |
| name: Zizmor latest via PyPI |
| runs-on: ubuntu-latest |
| permissions: |
| security-events: write |
| steps: |
| - name: Checkout repository |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
| with: |
| persist-credentials: false |
| - uses: hynek/setup-cached-uv@757bedc3f972eb7227a1aa657651f15a8527c817 # v2.3.0 |
| |
| - name: Run zizmor 🌈 |
| run: uvx zizmor --format sarif . > results.sarif |
| env: |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| |
| - name: Upload SARIF file |
| uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 |
| with: |
| # Path to SARIF file relative to the root of the repository |
| sarif_file: results.sarif |
| # Optional category for the results |
| # Used to differentiate multiple results for one commit |
| category: zizmor |
