diff options
| author | Jacob Walls <jacobtylerwalls@gmail.com> | 2025-11-14 13:58:40 -0500 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2025-11-21 15:01:37 -0500 |
| commit | 6a803907407780f717f30663b2ae3bad43d7ac54 (patch) | |
| tree | 3a57cfe76b3235b7e24c386589eb4a07fded512f | |
| parent | 2baa8708b4f166d82f53ff8f8e565ebfd356e1dc (diff) | |
[4.2.x] Addressed unpinned-uses zizmor finding.
Backport of 86b8058b40145fb5ba4fd859676225f533eca986 from main.
| -rw-r--r-- | .github/workflows/check_commit_messages.yml | 3 | ||||
| -rw-r--r-- | zizmor.yml | 6 |
2 files changed, 9 insertions, 0 deletions
diff --git a/.github/workflows/check_commit_messages.yml b/.github/workflows/check_commit_messages.yml index 70f1dd7d1e..a4594d611c 100644 --- a/.github/workflows/check_commit_messages.yml +++ b/.github/workflows/check_commit_messages.yml @@ -8,6 +8,9 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: + contents: read + jobs: check-commit-prefix: if: startsWith(github.event.pull_request.base.ref, 'stable/') diff --git a/zizmor.yml b/zizmor.yml new file mode 100644 index 0000000000..8d1b34ed48 --- /dev/null +++ b/zizmor.yml @@ -0,0 +1,6 @@ +rules: + unpinned-uses: + config: + policies: + actions/*: ref-pin + psf/*: ref-pin |