Use zizmor to lint GitHub Actions #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Lint GitHub Actions for common security issues using zizmor. | |
| # Docs: https://woodruffw.github.io/zizmor | |
| name: lint-actions | |
| # Only run on PRs and the main branch. | |
| # Pushes to branches will only trigger a run when a PR is opened. | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install requirements | |
| run: python -m pip install -r env/requirements-style.txt | |
| - name: List installed packages | |
| run: python -m pip freeze | |
| - name: Lint GitHub Actions | |
| run: make check-actions |