From 65b595852d3691598236207633de25a470311813 Mon Sep 17 00:00:00 2001 From: Joshua Napoli Date: Mon, 8 Jun 2026 21:50:31 -0400 Subject: [PATCH] [PD1-905] Roll out zizmor Resolve all zizmor GitHub Actions static-analysis findings. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/ci.yml | 5 +++++ .github/workflows/pyproject-license-check.yml | 2 ++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f5b7f32..4dc0249 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,6 +16,9 @@ on: - src/** - tests/** +permissions: + contents: read + jobs: build: runs-on: ubuntu-24.04 @@ -26,6 +29,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false - uses: CVector-Energy/python-test@b956bb181831f0ddca3496505d5823c678a926e7 # main with: diff --git a/.github/workflows/pyproject-license-check.yml b/.github/workflows/pyproject-license-check.yml index 7176520..9a823bd 100644 --- a/.github/workflows/pyproject-license-check.yml +++ b/.github/workflows/pyproject-license-check.yml @@ -13,6 +13,8 @@ jobs: steps: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1