Skip to content

Improve postinstall script resilience #49

Improve postinstall script resilience

Improve postinstall script resilience #49

Workflow file for this run

name: "Scan workflows"
on:
pull_request:
branches:
- "**"
paths:
# Run for changes to *any* workflow file
- ".github/workflows/*.yml"
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
permissions:
# Write access needed to upload SARIF scan results
security-events: write
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install zizmor
run: cargo install zizmor
- name: Scan workflows
run:
zizmor --format=sarif . | tee workflow-scan.sarif
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: github/codeql-action/upload-sarif@v3
if: always()
with:
# Path to SARIF file relative to the root of the repository
sarif_file: workflow-scan.sarif