Merge branch 'release/ga-4.7' #40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Lint GitHub Actions for common security issues using zizmor. | |
| # Docs: https://woodruffw.github.io/zizmor | |
| name: Lint GitHub Actions | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: {} | |
| jobs: | |
| lint: | |
| # run only if not on the Mira repo (MiraGeoscience repo has its own workflow for Zizmor) | |
| if: ${{ !startsWith(github.repository, 'MiraGeoscience/') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install zizmor | |
| run: python -m pip install zizmor | |
| - name: List installed packages | |
| run: python -m pip freeze | |
| - name: Lint GitHub Actions | |
| run: make check-actions | |
| env: | |
| # Set GH_TOKEN to allow zizmor to check online vulnerabilities | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |