
Add Zizmor check in CI to check the CI configuration for security problems.

Open reivilibre opened this issue 9 months ago • 2 comments

More or less a copy of https://woodruffw.github.io/zizmor/usage/#use-in-github-actions but with path conditions.

reivilibre avatar Mar 19 '25 12:03 reivilibre

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

(the irony that the suggested running script is not very pinned or secure, installing Zizmor from PyPI unpinned at runtime. Will aim to fix this before considering merge)

(edit: this appears to be tracked at https://redirect.github.com/zizmorcore/zizmor-action/issues/52)

Edit: would probably also prefer switching to the 'annotations' output rather than the 'Advanced Security' thing, given the latter has some known defects and it doesn't actually show up in your PR

reivilibre avatar Mar 19 '25 12:03 reivilibre
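An added example of the kind of workflow this PR describes (not the PR's own diff, which is not shown on this page): it keeps the SARIF upload flow from the linked zizmor docs, adds path conditions so the job only runs when workflow or composite-action files change, and pins both the actions and the zizmor release instead of resolving "latest" from PyPI at runtime. The `<FULL_COMMIT_SHA>` and `<PINNED_VERSION>` values are placeholders to fill in, the watched paths are an assumption, and `uvx package@version` is uv's own pinning syntax.

```yaml
name: Audit GitHub Actions workflows with zizmor

# Assumed path conditions: only run when workflow or composite-action files change.
on:
  push:
    paths:
      - ".github/workflows/**"
      - ".github/actions/**"
  pull_request:
    paths:
      - ".github/workflows/**"
      - ".github/actions/**"

# Deny-by-default token at the workflow level; the job re-grants only what it needs.
permissions: {}

jobs:
  zizmor:
    name: zizmor (pinned)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required by upload-sarif
    steps:
      - name: Checkout repository
        # Placeholder: replace with the full commit SHA of the release you reviewed.
        uses: actions/checkout@<FULL_COMMIT_SHA> # vX.Y.Z
        with:
          persist-credentials: false   # do not leave GITHUB_TOKEN behind in .git/config

      - name: Install uv
        uses: astral-sh/setup-uv@<FULL_COMMIT_SHA> # vX.Y.Z

      - name: Run zizmor
        # Pin the zizmor release rather than installing whatever PyPI serves at runtime.
        run: uvx zizmor@<PINNED_VERSION> --format sarif . > results.sarif
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}   # lets zizmor query the GitHub API for its online audits

      - name: Upload SARIF to code scanning
        uses: github/codeql-action/upload-sarif@<FULL_COMMIT_SHA> # vX.Y.Z
        with:
          sarif_file: results.sarif
          category: zizmor
```

Pinning to a commit SHA rather than a tag is what a zizmor audit of this very file would ask for, so the job should pass its own check once the placeholders are filled in.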