Add checking for GitHub Actions workflows

Chocobo1
2025-01-18 19:15:43 +08:00
parent 35166ea99c
commit 2535a5ce28

@@ -12,6 +12,8 @@ jobs:
ci: ci:
name: Check name: Check
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
security-events: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -23,3 +25,22 @@ jobs:
- name: Check files - name: Check files
uses: pre-commit/action@v3.0.1 uses: pre-commit/action@v3.0.1
- name: Check GitHub Actions workflow
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
pip install zizmor
zizmor \
--format sarif \
--pedantic \
./ \
| jq '(.runs[].results |= map(select(.ruleId != "unpinned-uses")))
| (.runs[].tool.driver.rules |= map(select(.id != "unpinned-uses")))' \
> "${{ runner.temp }}/zizmor_results.sarif"
- name: Upload zizmor results
uses: github/codeql-action/upload-sarif@v3
with:
category: zizmor
sarif_file: "${{ runner.temp }}/zizmor_results.sarif"
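Review bot: The jq filter on the `zizmor` output drops every `unpinned-uses` finding, so the mutable tags this same hunk introduces (`github/codeql-action/upload-sarif@v3`) and the unpinned `pip install zizmor` never reach the Security tab; the new scanner is configured to ignore the one class of issue it is itself an example of. If tag-pinning is an accepted policy here, say so in a comment above the `run:` block, e.g. `# unpinned-uses is filtered: actions are pinned to major tags by policy`, and pin the tool itself with `pip install zizmor==<PINNED_VERSION>` so a changed or broken release cannot silently alter what gets reported (zizmor's own config file appears to support per-rule ignores, which would be clearer than post-filtering the SARIF — worth confirming for the installed version). Note also that without `shell: bash` the step runs under `bash -e` without `pipefail`, so the step's result is jq's exit status, not zizmor's; a zizmor error therefore yields an empty file and surfaces, if at all, only as a confusing failure in the upload step. Since zizmor exits non-zero when it reports findings, a blind `pipefail` would block the upload instead; writing the raw SARIF to a file in its own command and checking that exit status explicitly keeps real errors from being masked while still uploading findings. The enclosing `ci` job starts in the earlier hunk.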