action-security-template.yml
# SPDX-FileCopyrightText: Copyright (C) 2025 Fabrício Barros Cabral
# SPDX-License-Identifier: MIT
---
# yamllint disable rule:line-length
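# Reusable workflow (triggered only via workflow_call): checks out the calling
# repository and runs the zizmor action over the path given by the
# `working-directory` input.
name: action-security-template
'on':
  workflow_call:
    inputs:
      # Despite its name, this value is not used as a shell working directory
      # here; it is forwarded unchanged to the zizmor step's `inputs` option.
      working-directory:
        description: "Set the working directory"
        required: false
        default: ".github/workflows/"
        type: string
    secrets:
      # Forwarded only to the zizmor step as its `token` option.
      gh_token:
        description: "GitHub Token"
        required: true
defaults:
  run:
    # Applies to `run:` steps only; this workflow currently has none.
    # -e/-u/-o pipefail make scripts fail fast. -x echoes every expanded
    # command line to the job log, so any `run:` step added later should not
    # place secret-derived values on a command line.
    shell: bash -xeuo pipefail {0}
jobs:
  action-security-template:
    runs-on: ubuntu-24.04
    # Job-scoped token permissions: read-only apart from security-events.
    # NOTE(review): security-events: write is presumably for publishing the
    # findings to code scanning - confirm it is still needed if that upload
    # is ever disabled.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        # NOTE(review): referenced by a mutable tag, while the zizmor action
        # below is pinned to a full commit SHA. Pin this the same way once the
        # release commit has been reviewed, for example:
        #   uses: actions/checkout@<full-commit-sha-of-reviewed-release>  # v5
        uses: actions/checkout@v5
        with:
          # Do not leave the checkout token in the local git configuration
          # for later steps to read.
          persist-credentials: false
      - name: Run zizmor
        # Pinned to a full commit SHA. NOTE(review): add the matching release
        # tag as a trailing comment so version bumps are reviewable.
        uses: zizmorcore/zizmor-action@873539476a7f9b0da7504d0d9e9a6a5275094d98
        with:
          token: ${{ secrets.gh_token }}
          # Caller-supplied value passed as an action option, not interpolated
          # into a shell script.
          inputs: ${{ inputs.working-directory }}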