It would be good if our GitHub workflows were statically analyzed with zizmor: https://github.com/woodruffw/zizmor
Similar change was recently done in python-tuf: theupdateframework/python-tuf#2798
It's likely that the same approach will work:
- add zizmor (with current version) to `requirements-lint.txt`
- add `zizmor --persona=pedantic -q` call in lint section of `tox.ini`
- fix issues reported by zizmor when `tox -e lint` runs:
  - looks like zizmor reports 18 findings currently: most are easy to fix
  - please paste specific error in a comment here if it's not obvious how to deal with it
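The kind of finding zizmor's pedantic persona typically raises on a workflow, with the fix next to it, as an added illustration (not the 18 findings in this repository and not code from zizmor or python-tuf). The job, the step contents and the `<full-commit-sha>` placeholder are assumed for the example; the audit names in the comments (`excessive-permissions`, `unpinned-uses`, `artipacked`, `template-injection`) are zizmor's own.

```yaml
# .github/workflows/example.yml (constructed example, not a real workflow in this repo)
name: example
on:
  pull_request:

# excessive-permissions: without a top-level block the default GITHUB_TOKEN
# grants write scopes. Drop everything here and re-grant per job as needed.
permissions: {}

jobs:
  check:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # unpinned-uses (pedantic): a tag like @v4 can be moved; pin the full
      # commit SHA and keep the version in a trailing comment for readability.
      # Replace <full-commit-sha> with the commit you verified for the release tag.
      - uses: actions/checkout@<full-commit-sha>  # v4.2.2
        with:
          # artipacked: checkout stores the token in .git/config by default and
          # a later upload-artifact step would ship it; disable persistence.
          persist-credentials: false

      # template-injection: expanding attacker-controlled event data directly in
      # `run` is shell injection. Before:
      #   run: echo "PR title: ${{ github.event.pull_request.title }}"
      # After: pass it through an environment variable and quote it.
      - name: Print PR title safely
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title: $PR_TITLE"
```

With the lint environment set up as the issue describes, `tox -e lint` runs zizmor over `.github/workflows` and exits non-zero on findings at or above the persona's threshold; findings that are intentional can be suppressed per step or per job with a `# zizmor: ignore[<audit-name>]` comment rather than by lowering the persona.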