# Audits the workflow files under .github/workflows with zizmor, a static
# analyzer for GitHub Actions.
name: Zizmor

# Triggered by pushes to main and by pull requests against any branch.
on:
  push:
    branches:
      - 'main'
  pull_request:
    branches:
      - '**'

# Workflow-level default: no token scopes. Each job must opt in to what it
# needs, so a job added later starts with no token permissions.
permissions: {}

jobs:
  zizmor:
    name: zizmor
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): the zizmor step below is given no token in its
      # environment, so confirm whether this scope is actually required.
      actions: read
    steps:
      # NOTE(review): this action is referenced by a movable tag, while
      # setup-uv below is pinned to a full commit SHA. Pinning checkout to a
      # commit SHA as well (with the tag kept as a trailing comment) would
      # make both third-party references immutable.
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          # Keep the job token out of the checked-out repository's git config
          # so that later steps cannot read it from disk.
          persist-credentials: false

      # The action is pinned by commit SHA; the trailing comment records the
      # release that SHA is expected to correspond to.
      # NOTE(review): no uv version is requested here, so the uv release that
      # gets installed is presumably whatever the action resolves as latest.
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41  # v7.1.2
        with:
          # No cache is restored or saved by this job.
          enable-cache: false

      # zizmor itself is pinned to an exact version. Findings below medium
      # severity are filtered out of the report by --min-severity.
      - name: Run zizmor
        run: uvx zizmor@1.16.2 .github/workflows -v -p --min-severity=medium