ci: zizmor workflow

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-30 19:58:03 +00:00 · 2026-04-15 12:24:42 +02:00
parent 21bd660cd5
commit 0c878186d3
1 changed files with 33 additions and 0 deletions
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -0,0 +1,33 @@
+name: zizmor
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+      - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
+    tags:
+      - 'v*'
+      - 'docker-v*'
+      - 'api/v*'
+      - 'client/v*'
+  pull_request:
+
+jobs:
+  run:
+    uses: crazy-max/.github/.github/workflows/zizmor.yml@d89fe92d808a15e2b2ed5cdb62db7c172c31410d # v1.6.0
+    permissions:
+      contents: read
+      security-events: write
+    with:
+      min-severity: medium
+      min-confidence: medium
+      persona: pedantic