Skip to content

Commit a009122

Browse files
marcoienimarcoieni
authored
Merge pull request #2416 from rust-lang/make-zizmor-mandatory-in-ci
make zizmor mandatory in CI
2 parents 51a4e92 + 953d9b0 commit a009122

2 files changed

Lines changed: 17 additions & 26 deletions

File tree

.github/workflows/main.yml

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -129,12 +129,28 @@ jobs:
129129
- name: Deploy to GitHub Pages
130130
uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
131131

132+
zizmor:
133+
name: Run zizmor
134+
runs-on: ubuntu-latest
135+
permissions:
136+
contents: read
137+
steps:
138+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
139+
with:
140+
persist-credentials: false
141+
142+
- name: Run zizmor
143+
uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
144+
with:
145+
persona: pedantic
146+
advanced-security: false
147+
132148
# Summary job for the merge queue.
133149
# ALL THE PREVIOUS JOBS NEED TO BE ADDED TO THE `needs` SECTION OF THIS JOB!
134150
CI:
135151
# Keep `name` matching the status check.
136152
name: CI
137-
needs: [ test, deploy ]
153+
needs: [ test, deploy, zizmor ]
138154
# We need to ensure this job does *not* get skipped if its dependencies fail,
139155
# because a skipped job is considered a success by GitHub. So we have to
140156
# overwrite `if:`. We use `!cancelled()` to ensure the job does still not get run

.github/workflows/zizmor.yml

Lines changed: 0 additions & 25 deletions
This file was deleted.

0 commit comments

Comments
 (0)