mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-15 06:37:40 +00:00
The default suggestion for top-level permissions was `contents: read`, but scorecard notes anything other than empty, so try updating it and see if there are any issues. I think it's only needed if we run workflows from other repos. Signed-off-by: stevenhorsman <steven@uk.ibm.com>
29 lines
651 B
YAML
29 lines
651 B
YAML
name: GHA security analysis
|
|
|
|
on:
|
|
push:
|
|
branches: ["main"]
|
|
pull_request:
|
|
|
|
permissions: {}
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
zizmor:
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: read
|
|
security-events: write
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Run zizmor
|
|
uses: zizmorcore/zizmor-action@f52a838cfabf134edcbaa7c8b3677dde20045018 # v0.1.1
|