🧪 Integrate Zizmor checks into GHA CI/CD #2327
Open
webknjaz wants to merge 2 commits into jazzband:main from
webknjaz added a commit to webknjaz/pip-tools that referenced this pull request Feb 9, 2026
Member
Author
This is now waiting for @jezdez to handle jazzband/help#422.
webknjaz added a commit to webknjaz/pip-tools that referenced this pull request Feb 9, 2026
9edfa1b to 55c31a0
Member
Can/should we add a tox environment for this too?
Member
Author
I'd say pre-commit, not tox directly. But wanted to start here. You could send in another PR with that while this one is blocked.
This linter guards against common insecure setups in GitHub Actions and Workflows. It is authored and maintained by a member of the PyPA, a contributor to PyPI and a former employee of Trail of Bits. Ref: https://zizmor.sh
55c31a0 to e19e56a
Warning
This is blocked on @jezdez handling jazzband/help#422.
This linter guards against common insecure setups in GitHub Actions and Workflows. It is authored and maintained by a member of the PyPA, a contributor to PyPI and a former employee of Trail of Bits.
Ref: https://zizmor.sh
Contributor checklist
changelog.d/ (see changelog.d/README.md for instructions) or the PR text says "no changelog needed".
Maintainer checklist
bot:chronographer:skip label. (following Semantic Versioning).