github.com/anchore/syft@v1.38.2/.github/workflows/validate-github-actions.yaml

github.com/anchore/syft@v1.38.2/.github/workflows/validate-github-actions.yaml (about)

     1  name: "Validate GitHub Actions"
     2  
     3  on:
     4    pull_request:
     5      paths:
     6        - '.github/workflows/**'
     7        - '.github/actions/**'
     8    push:
     9      branches:
    10        - main
    11      paths:
    12        - '.github/workflows/**'
    13        - '.github/actions/**'
    14  
    15  permissions:
    16    contents: read
    17  
    18  jobs:
    19    zizmor:
    20      name: "Lint"
    21      runs-on: ubuntu-latest
    22      permissions:
    23        contents: read
    24        security-events: write  # for uploading SARIF results
    25      steps:
    26        - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
    27          with:
    28            persist-credentials: false
    29  
    30        - name: "Run zizmor"
    31          uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0
    32          with:
    33            config-file: .github/zizmor.yml
    34            sarif-upload: true
    35            inputs: .github