Skip to content

docs: codify PM-level, short PR descriptions in the org PR template #47

docs: codify PM-level, short PR descriptions in the org PR template

docs: codify PM-level, short PR descriptions in the org PR template #47

name: πŸ” Scan for Workflow Vulnerabilities
permissions: {}
on:
workflow_call:
### Required Workflow Triggers ###
pull_request:
merge_group:
##################################
jobs:
zizmor:
runs-on: ubuntu-latest
if: github.event_name != 'merge_group'
permissions:
security-events: write
contents: read # only needed for private repos
actions: read # only needed for private repos
steps:
- name: πŸ›‘οΈ Harden runner
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit
- name: πŸ“‘ Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: πŸ” Check for zizmor config
id: config
run: |
if [ -f "zizmor.yml" ]; then
echo "exists=true" >> "$GITHUB_OUTPUT"
else
echo "exists=false" >> "$GITHUB_OUTPUT"
fi
- name: 🌈 Zizmor
uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7
with:
config: ${{ steps.config.outputs.exists == 'true' && 'zizmor.yml' || '' }}