ci: bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 #44
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Wycheproof Test Vectors | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Pinned to an explicit upstream commit so vector changes (or upstream | |
| # compromise) cannot silently alter what "verification passed" means. | |
| # Bump procedure: CONTRIBUTING.md "Updating pinned verification upstreams". | |
| env: | |
| WYCHEPROOF_PIN: 6d7cccd0fcb1917368579adeeac10fe802f1b521 # 2026-06-06 | |
| jobs: | |
| mldsa87-wycheproof: | |
| name: ML-DSA-87 Wycheproof Verification | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Node.js | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 | |
| with: | |
| node-version: 22.x | |
| - name: Clone C2SP/wycheproof (sparse, pinned) | |
| run: | | |
| # Sparse checkout of testvectors_v1/ only; the repo is large | |
| # and we only need the ML-DSA JSON files. Blobless clone + | |
| # sparse checkout fetches only the blobs under the selected | |
| # paths at the pinned commit. | |
| git clone --no-checkout --filter=blob:none \ | |
| https://github.com/C2SP/wycheproof.git /tmp/wycheproof | |
| cd /tmp/wycheproof | |
| git sparse-checkout init --cone | |
| git sparse-checkout set testvectors_v1 | |
| git checkout "$WYCHEPROOF_PIN" | |
| echo "Wycheproof commit: $(git rev-parse --short HEAD)" | |
| echo "Wycheproof date: $(git log -1 --format=%ci)" | |
| ls -la testvectors_v1/mldsa_87_*.json | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build packages | |
| run: npm run build | |
| - name: Run Wycheproof ML-DSA-87 tests | |
| working-directory: packages/mldsa87 | |
| env: | |
| WYCHEPROOF_VECTORS_DIR: /tmp/wycheproof/testvectors_v1 | |
| run: npx mocha test/wycheproof.test.js --reporter spec |