From e51f34705d0e6c6551ca0915eded697dc99f0e57 Mon Sep 17 00:00:00 2001
From: Hynek Schlawack
Date: Sat, 14 Dec 2024 15:11:26 +0100
Subject: [PATCH] Run Zizmor with token
---
 .github/workflows/zizmor.yml | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 2a8b5bf2..cde16a0a 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -10,9 +10,10 @@ on:
 permissions:
 contents: read
+
 jobs:
 zizmor:
- name: Zizmor latest via Cargo
+ name: Zizmor latest via PyPI
 runs-on: ubuntu-latest
 permissions:
 security-events: write
@@ -21,12 +22,13 @@ jobs:
 uses: actions/checkout@v4
 with:
 persist-credentials: false
- - name: Setup Rust
- uses: actions-rust-lang/setup-rust-toolchain@v1
- - name: Get zizmor
- run: cargo install zizmor
- - name: Run zizmor
- run: zizmor --format sarif . > results.sarif
+ - uses: hynek/setup-cached-uv@v2
+
+ - name: Run zizmor 🌈
+ run: uvx zizmor --format sarif . > results.sarif
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@v3
 with:
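Review bot: In the second hunk the new `Run zizmor 🌈` step exports `GH_TOKEN` to whatever `uvx zizmor` resolves from PyPI at run time, and the step before it loads `hynek/setup-cached-uv@v2` by a mutable tag, so a changed release or a moved tag would run with this job's token. The job declares `security-events: write` in the visible lines; the rest of its `permissions` block lies between the two hunks and is not shown, so the token's full scope should be confirmed there. Pinning both narrows that exposure: `uses: hynek/setup-cached-uv@<full-commit-sha>  # v2` and `run: uvx zizmor@<pinned-version> --format sarif . > results.sarif`, with the placeholders filled from releases you have reviewed. The job name says "latest" on purpose, so if floating versions are intended, a comment above `env:` stating why the token is passed (presumably for zizmor's online audits) would document the trade-off.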