summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.github/workflows/benchmark.yml3
-rw-r--r--.github/workflows/check_commit_messages.yml3
-rw-r--r--zizmor.yml6
3 files changed, 11 insertions, 1 deletions
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
index 6cc11b3357..6c9d2a3e1a 100644
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -19,7 +19,8 @@ jobs:
path: "."
persist-credentials: false
- name: Setup Miniforge
- uses: conda-incubator/setup-miniconda@v3
+ # Pinned to v3.2.0.
+ uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f
with:
miniforge-version: "24.1.2-0"
activate-environment: asv-bench
diff --git a/.github/workflows/check_commit_messages.yml b/.github/workflows/check_commit_messages.yml
index 70f1dd7d1e..a4594d611c 100644
--- a/.github/workflows/check_commit_messages.yml
+++ b/.github/workflows/check_commit_messages.yml
@@ -8,6 +8,9 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
+permissions:
+ contents: read
+
jobs:
check-commit-prefix:
if: startsWith(github.event.pull_request.base.ref, 'stable/')
diff --git a/zizmor.yml b/zizmor.yml
new file mode 100644
index 0000000000..8d1b34ed48
--- /dev/null
+++ b/zizmor.yml
@@ -0,0 +1,6 @@
+rules:
+ unpinned-uses:
+ config:
+ policies:
+ actions/*: ref-pin
+ psf/*: ref-pin
generated by cgit v1.3 (git 2.53.0) at 2026-05-01 21:31:39 +0000