Add 'zizmor' checks in CI

## Description

`zizmor` is a static analyzer for enforcing security best practices in GitHub Actions actions and workflows.

See @gforsyth 's excellent write-up in https://github.com/rapidsai/shared-workflows/pull/390 for details on the types of things it can catch.

We should use it in `pre-commit` here

## Benefits of this work

* improves security for these workflows

## Acceptance Criteria

* `zizmor` is required to pass for CI to pass here

## Approach

Add `zizmor` to `.pre-commit-config.yaml` and fix whatever it warns about (or suppress false positives with configuration). Follow https://github.com/rapidsai/shared-workflows/pull/390 as an example

Add a small workflow running `pre-commit` on PRs here.

Update branch rulesets to require that workflow to succeed for PRs to be merged.

## Notes

N/A

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add 'zizmor' checks in CI #485

Description

Benefits of this work

Acceptance Criteria

Approach

Notes

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add 'zizmor' checks in CI #485

Description

Description

Benefits of this work

Acceptance Criteria

Approach

Notes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions