97d10b5095
* remove unused workflow; use GITHUB_TOKEN where possible
* pin usages of checkout and setup-go
* Fix zizmor errors
* add zizmor.yml
* fix `changelog.yml`
* fix `core-plugins-build-and-release.yml`
* fix `release-comms.yml`
* update release-pr.yml and run-e2e-suite.yml
* Fix errors in files outside of .github/workflows
* Remove path filter on zizmor.yml

---------

Co-authored-by: Sven Grossmann <svennergr@gmail.com>
Co-authored-by: joshhunt <josh.hunt@grafana.com>
24 lines
582 B
YAML
name: Zizmor GitHub Actions static analysis

on:
  pull_request:
  push:
    branches:
      - main

jobs:
  zizmor:
    name: Analyse with Zizmor

    permissions:
      actions: read
      contents: read
      # required to comment on pull requests with the results of the check
      pull-requests: write
      # required to upload the results to GitHub's code scanning service
      security-events: write

    uses: grafana/shared-workflows/.github/workflows/reusable-zizmor.yml@main # zizmor: ignore[unpinned-uses]
    with:
      fail-severity: high
      min-severity: high