Skip to content

Commit d4a09c4

Browse files
committed
Use shared zizmor workflow
1 parent d827c4f commit d4a09c4

2 files changed

Lines changed: 2 additions & 30 deletions

File tree

.github/dependabot.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,5 +26,3 @@ updates:
2626
patterns:
2727
- "*"
2828
versioning-strategy: increase-if-necessary
29-
cooldown:
30-
default-days: 7

.github/workflows/zizmor.yml

Lines changed: 2 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
name: GitHub Actions Security Analysis with zizmor
1+
name: GitHub Actions Security Analysis with zizmor 🌈
22

33
on:
44
push:
@@ -15,30 +15,4 @@ permissions:
1515

1616
jobs:
1717
zizmor:
18-
name: Run zizmor
19-
runs-on: ubuntu-latest
20-
steps:
21-
- name: Checkout repository
22-
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
23-
with:
24-
persist-credentials: false
25-
26-
- name: Create zizmor configuration
27-
run: |
28-
cat > .zizmor-shared.yml <<'YAML'
29-
rules:
30-
unpinned-uses:
31-
config:
32-
policies:
33-
"yiisoft/*": any
34-
YAML
35-
36-
- name: Run zizmor
37-
uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
38-
with:
39-
advanced-security: false
40-
annotations: true
41-
config: .zizmor-shared.yml
42-
inputs: .github
43-
min-severity: high
44-
persona: 'pedantic'
18+
uses: yiisoft/actions/.github/workflows/zizmor.yml@master

0 commit comments

Comments
 (0)