Skip to content

Restore JWT refresh coverage in TestJWT #19

Restore JWT refresh coverage in TestJWT

Restore JWT refresh coverage in TestJWT #19

Workflow file for this run

# zizmor audits the GitHub Actions workflows themselves for security issues
# (injection, excessive permissions, unpinned actions, etc.).
# Results appear under the repository's "Security > Code scanning" tab.
name: zizmor
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
permissions:
contents: read
jobs:
zizmor:
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
# Audit all workflow files. continue-on-error so findings still get uploaded
# to code scanning instead of aborting before the upload step.
- name: Run zizmor
continue-on-error: true
run: uvx zizmor --format sarif . > zizmor.sarif
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
sarif_file: zizmor.sarif
category: zizmor