mise-action/.github/workflows/zizmor.yml

name: zizmor
on:
  push:
    branches: [main]
    paths: ['.github/workflows/**']
  pull_request:
    paths: ['.github/workflows/**']

permissions: {}

jobs:
  zizmor:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
        with:
          advanced-security: false