mirror of
https://github.com/pnpm/pnpm.git
synced 2026-06-28 09:55:39 -04:00
a5b1ac783f
Bumps the github-actions group with 4 updates: [github/codeql-action](https://github.com/github/codeql-action), [taiki-e/install-action](https://github.com/taiki-e/install-action), [garnet-org/action](https://github.com/garnet-org/action) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `github/codeql-action` from 4.35.4 to 4.35.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](68bde559de...9e0d7b8d25) Updates `taiki-e/install-action` from 2.78.0 to 2.78.1 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](e1c4cd4211...184183c240) Updates `garnet-org/action` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/garnet-org/action/releases) - [Commits](9e819143e6...2b7fc9d79b) Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.5 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](b1d7e1fb5d...a16621b09c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: taiki-e/install-action dependency-version: 2.78.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: garnet-org/action dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
36 lines
1005 B
YAML
36 lines
1005 B
YAML
name: GitHub Actions Security Analysis with zizmor
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- 'release/**'
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- 'release/**'
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
zizmor:
|
|
name: zizmor latest via PyPI
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
security-events: write
|
|
contents: read
|
|
actions: read
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Run zizmor
|
|
uses: zizmorcore/zizmor-action@a16621b09c6db4281f81a93cb393b05dcd7b7165 # v0.5.5
|
|
with:
|
|
# Fork PRs run with a read-only GITHUB_TOKEN, so SARIF upload to
|
|
# Code scanning would fail. In that case, run zizmor anyway and
|
|
# print findings to the console instead.
|
|
advanced-security: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
|