1a9867167d
`zizmor` is a tool that uses static analysis to find potential security issues in GitHub Actions [0]. (Yes, it's a bit absurd that GitHub made a CI system so complicated that tools like this were created, but I digress.) Given our increase in GHA usage recently, I think this is a good step towards keeping our security posture in tip-top shape. (It also keeps with the theme of automating as many things as possible!) The rule related to the usages of dangerous-triggers have been disabled to avoid false-positives. Explanations about the usage of `pull_request_target` and expectations around its usage can be found in `.github/workflows/README.md`. [0]: https://woodruffw.github.io/zizmor/ Co-authored-by: Thomas Gerbet <thomas@gerbet.me>
546 B
546 B