Expand file tree Collapse file tree Original file line number Diff line number Diff line change 7070
7171 services :
7272 mysql :
73- image : mariadb:${{ matrix.mariadb }}
73+ image : mariadb:${{ matrix.mariadb }} # zizmor: ignore[unpinned-images]
7474 env :
7575 MARIADB_ALLOW_EMPTY_ROOT_PASSWORD : true
7676 MARIADB_ROOT_PASSWORD : ' '
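Review bot: The `# zizmor: ignore[unpinned-images]` added on the `image:` line records no reason, so a later reader cannot tell whether the finding was assessed or just silenced. The tag is expanded from `matrix.mariadb`, which is presumably why a digest pin is impractical; say so on the line above, e.g. `# Tag comes from the version matrix; a digest pin per matrix entry is not maintained, accepted for CI-only test databases.` The same bare suppression is added to the `mssql`, `mysql`, `oci` and matrix-driven `postgres` service images in the other workflow files, and the same comment applies there. The image is still resolved by a mutable tag on every run, so this accepts the risk rather than removing it.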
Original file line number Diff line number Diff line change 7272
7373 services :
7474 mssql :
75- image : mcr.microsoft.com/mssql/server:${{ matrix.mssql.server }}
75+ image : mcr.microsoft.com/mssql/server:${{ matrix.mssql.server }} # zizmor: ignore[unpinned-images]
7676 env :
7777 MSSQL_SA_PASSWORD : YourStrong!Passw0rd
7878 ACCEPT_EULA : Y
Original file line number Diff line number Diff line change 4646
4747 services :
4848 postgres :
49- image : postgres:18
49+ image : postgres:18 # zizmor: ignore[unpinned-images]
5050 env :
5151 POSTGRES_USER : root
5252 POSTGRES_PASSWORD : root
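Review bot: Unlike the matrix-driven images in the other workflows, `postgres:18` on the changed line is a literal tag, so the finding can be fixed rather than suppressed. Pinning by digest keeps the readable tag and makes the image content immutable: `image: postgres:18@sha256:<digest-of-the-tested-image>` (placeholder, to be filled from the registry). If the suppression is kept anyway, add a one-line comment above it stating why a moving `18` tag is acceptable for this job.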
Original file line number Diff line number Diff line change 6262
6363 services :
6464 mysql :
65- image : mysql:${{ matrix.mysql }}
65+ image : mysql:${{ matrix.mysql }} # zizmor: ignore[unpinned-images]
6666 env :
6767 MYSQL_ALLOW_EMPTY_PASSWORD : true
6868 MYSQL_PASSWORD : ' '
Original file line number Diff line number Diff line change 6060
6161 services :
6262 oci :
63- image : gvenzl/oracle-xe:${{ matrix.oracle }}
63+ image : gvenzl/oracle-xe:${{ matrix.oracle }} # zizmor: ignore[unpinned-images]
6464 ports :
6565 - 1521:1521
6666 env :
Original file line number Diff line number Diff line change 6969
7070 services :
7171 postgres :
72- image : postgres:${{ matrix.pgsql }}
72+ image : postgres:${{ matrix.pgsql }} # zizmor: ignore[unpinned-images]
7373 env :
7474 POSTGRES_USER : root
7575 POSTGRES_PASSWORD : root
Original file line number Diff line number Diff line change 1- name : GitHub Actions Security Analysis with zizmor 🌈
1+ name : GitHub Actions Security Analysis with zizmor
22
33on :
44 push :
@@ -15,4 +15,30 @@ permissions:
1515
1616jobs :
1717 zizmor :
18- uses : yiisoft/actions/.github/workflows/zizmor.yml@master
18+ name : Run zizmor
19+ runs-on : ubuntu-latest
20+ steps :
21+ - name : Checkout repository
22+ uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
23+ with :
24+ persist-credentials : false
25+
26+ - name : Create zizmor configuration
27+ run : |
28+ cat > .zizmor-shared.yml <<'YAML'
29+ rules:
30+ unpinned-uses:
31+ config:
32+ policies:
33+ "yiisoft/*": any
34+ YAML
35+
36+ - name : Run zizmor
37+ uses : zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
38+ with :
39+ advanced-security : false
40+ annotations : true
41+ config : .zizmor-shared.yml
42+ inputs : .github
43+ min-severity : high
44+ persona : ' pedantic'
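Review bot: The generated `.zizmor-shared.yml` sets `"yiisoft/*": any` under `unpinned-uses`, which exempts every action and reusable workflow in the organisation from pin checks, including branch references like the `@master` this commit removes. If trusting same-org refs is intended, record that in the heredoc with a comment such as `# yiisoft/* is first-party: mutable refs accepted, all other owners must be hash-pinned`. It would also help to confirm how zizmor treats owners that match no policy once `policies` is set. Separately, `min-severity: high` alongside `persona: pedantic` looks contradictory: the stricter persona mainly adds lower-severity findings, which the severity floor would then filter out. Committing the configuration file to the repository instead of writing it in a `run` step would make local zizmor runs apply the same policy as CI.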