Commit

Add zizmor scanning
Minor: Fix checkbox->Checkbox
Hook25 committed Dec 20, 2024
1 parent c8ee1bf commit cc5dc34
Showing 1 changed file with 21 additions and 1 deletion.
22 changes: 21 additions & 1 deletion .github/workflows/validate_workflows.yaml
Expand Up @@ -10,8 +10,10 @@ jobs:
name: Workflow validation
runs-on: ubuntu-latest
steps:
- name: Checkout checkbox monorepo
- name: Checkout Checkbox monorepo
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install action-validator with asdf
uses: asdf-vm/actions/install@v3
with:
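Review bot: `actions/checkout@v4` and the `asdf-vm/actions/install@v3` step right after it are referenced by mutable tags, so whoever controls those tags can change the code this job runs without any change in this repository. Since this commit is already hardening the checkout with `persist-credentials: false`, consider pinning both `uses:` entries to a full commit SHA with the tag kept as a trailing comment. The third-party asdf action matters most.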
Expand All @@ -21,3 +23,21 @@ jobs:
run: |
find .github/workflows -type f \( -iname \*.yaml -o -iname \*.yml \) \
| xargs -I {} action-validator --verbose {}
workflow_vulnerability_scan:
name: Workflow vulnerability scanning
runs-on: ubuntu-latest
steps:
- name: Checkout Checkbox monorepo
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install zizmor from crates.io
uses: baptiste0928/cargo-install@v3
with:
crate: zizmor
version: '0.10.0'
- name: Scan all workflows
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
zizmor $(ls .github/workflows/*.{yaml,yml})
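Review bot: The `run:` line `zizmor $(ls .github/workflows/*.{yaml,yml})` builds its file list differently from the validation job and is fragile. If no file matches one of the two extensions, bash passes the unmatched pattern to `ls` literally. `ls` then reports an error whose exit status is discarded by the command substitution, and the unquoted expansion also splits file names on whitespace. Reusing the `find .github/workflows -type f \( -iname \*.yaml -o -iname \*.yml \)` pipeline from the validation job would keep the two jobs consistent and avoid both problems. Separately, the step exports `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` but the new `workflow_vulnerability_scan` job declares no `permissions:` block in this hunk. Unless permissions are already restricted at workflow level outside the visible lines, add a job-level `permissions:` with `contents: read` so the token handed to the scanner is read-only.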

0 comments on commit cc5dc34