From 4cc0bb0855434a59e037bc4a58bdf64b270de8da Mon Sep 17 00:00:00 2001 From: Joshua Napoli Date: Mon, 8 Jun 2026 21:50:19 -0400 Subject: [PATCH] [PD1-905] Roll out zizmor Resolve all zizmor GitHub Actions static-analysis findings. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/ci.yml | 4 ++++ .github/workflows/license-check-python.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 94a4ea3..a2d0cc4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,6 +19,8 @@ on: jobs: build: runs-on: ubuntu-24.04 + permissions: + contents: read strategy: matrix: python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"] @@ -26,6 +28,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false - uses: CVector-Energy/python-test@b956bb181831f0ddca3496505d5823c678a926e7 # v1.1.0 with: diff --git a/.github/workflows/license-check-python.yml b/.github/workflows/license-check-python.yml index 37e82fc..733f43b 100644 --- a/.github/workflows/license-check-python.yml +++ b/.github/workflows/license-check-python.yml @@ -6,9 +6,13 @@ on: jobs: license-check: runs-on: ubuntu-24.04 + permissions: + contents: read steps: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false - name: Check Python licenses uses: CVector-Energy/pyproject-license-check@977092b2a13e0766082dfdfb7c57b67985c675e8 # main