Bump andrew/ruby-upgrade-action from bf21270753cfca55167a09487745bd4be352f5cf to 9339371b5b58e54a2090801c5f3ef54fcc6ee044 #678
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Zizmor Security Audit | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| zizmor: | |
| name: Audit GitHub Actions | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write # Needed to upload SARIF results to GitHub Security | |
| contents: read # Needed to checkout repository | |
| actions: read # Needed to analyze workflow files | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| with: | |
| persist-credentials: false | |
| - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d | |
| with: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |