chore(deps): lock file maintenance #320

	name: GitHub Actions Security Analysis with zizmor 🌈
	on:
	push:
	branches: ["main"]
	pull_request:
	branches: ["**"]

	env:
	FORCE_COLOR: 1
	# renovate: datasource=pypi depName=uv
	UV_VERSION: 0.5.21
	# renovate: datasource=pypi depName=zizmor
	ZIZMOR_VERSION: 1.2.1

	jobs:
	zizmor:
	runs-on: ubuntu-24.04
	permissions:
	security-events: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false

	- name: Install uv
	uses: astral-sh/setup-uv@b5f58b2abc5763ade55e4e9d0fe52cd1ff7979ca # v5.2.1
	with:
	version: ${{ env.UV_VERSION }}

	- name: Run zizmor 🌈
	run: >
	uvx --with zizmor==${{ env.ZIZMOR_VERSION }}
	zizmor --format sarif . > results.sarif
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5
	with:
	sarif_file: results.sarif
	category: zizmor

Provide feedback