From 3b32b9163336094d40cd6c718e31197a860ecaa4 Mon Sep 17 00:00:00 2001
From: Olivier Vernin <olivier@vernin.me>
Date: Mon, 6 Apr 2026 20:45:05 +0200
Subject: [PATCH] feat: set default zizmor configuration

Updated Zizmor policy version and added inline values configuration.
---
 updatecli-compose.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/updatecli-compose.yaml b/updatecli-compose.yaml
index 331199f..8b41d6e 100644
--- a/updatecli-compose.yaml
+++ b/updatecli-compose.yaml
@@ -33,6 +33,12 @@ policies:
       - updatecli/values.d/updatecli_gha.yaml
 
   - name: Install Zizmor everywhere
-    policy: ghcr.io/updatecli/policies/zizmor/githubaction/scaffold:0.6.0@sha256:a0fce8b97fa03cb8aefa5e4d2c3bd6eafe02eb773a5d3f1ee67644962cd9dbfa
+    policy: ghcr.io/updatecli/policies/zizmor/githubaction/scaffold:0.7.0
     values:
       - updatecli/values.d/scm_githubsearch.yaml
+    valuesinline:
+      config:
+        rules:
+          secrets-outside-env:
+          disable: true
+