From ab7dd8999a301c8862307d92ea1fcfda7c94d91f Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Fri, 3 Oct 2025 11:41:54 +0200 Subject: [PATCH] ci/GHA: pass zizmor a GH token, fix warnings found For a complete, online, check. After this patch the check takes 25s, up from a fraction of a second. Closes #1694 --- .github/workflows/ci.yml | 2 ++ .github/workflows/codeql.yml | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 80a7a6aa..65576e61 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,6 +52,8 @@ jobs: reuse lint - name: 'zizmor GHA' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" zizmor --pedantic .github/workflows/*.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ffdb2960..f9ef8f1f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: 'initialize' - uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 + uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 with: languages: actions queries: security-extended - name: 'perform analysis' - uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 + uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 c: name: 'C' @@ -67,7 +67,7 @@ jobs: persist-credentials: false - name: 'initialize' - uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 + uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 with: languages: cpp build-mode: manual @@ -88,4 +88,4 @@ jobs: fi - name: 'perform analysis' - uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 + uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5