Skip to content

CI: add a zizmor workflow #4911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JelleZijlstra merged 1 commit into from
Dec 12, 2025
Merged

CI: add a zizmor workflow #4911

JelleZijlstra merged 1 commit into from
Dec 12, 2025
+24 −0

Conversation

@woodruffw
Copy link
Member

@woodruffw woodruffw commented Dec 12, 2025

Description

This adds a new workflow, zizmor.yml, which will run zizmor via zizmor-action on each push and pull request.

See #4901, #4905, #4906 for motivating context.

Note: this adds a new workflow for zizmor, but another option here would be to integrate zizmor via pre-commit. The upside to that is that running it locally would be constant with CI; the downside is that it's not easy (possible?) to directly integrate with GitHub's SARIF consumption support for stateful finding tracking. But if that's better for you all, I'm happy to retool this PR in that direction 🙂

Checklist - did you ...

  • Implement any code style changes under the --preview style, following the
    stability policy?
  • Add an entry in CHANGES.md if necessary?
  • Add / update tests if necessary?
  • Add new / update outdated documentation?

None of the above are applicable, I believe 🙂

@woodruffw
CI: add a zizmor workflow
3821c8a 
Signed-off-by: William Woodruff <[email protected]>
@github-advanced-security
Copy link

github-advanced-security bot commented Dec 12, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@JelleZijlstra JelleZijlstra added the skip news Pull requests that don't need a changelog entry. label Dec 12, 2025
JelleZijlstra
JelleZijlstra approved these changes Dec 12, 2025
View reviewed changes
Copy link
Collaborator

@JelleZijlstra JelleZijlstra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@github-actions
Copy link

github-actions bot commented Dec 12, 2025

diff-shades reports zero changes comparing this PR (3821c8a) to main (bfdecb1).

What is this? | Workflow run | diff-shades documentation

@JelleZijlstra JelleZijlstra merged commit c3cc5a9 into psf:main Dec 12, 2025
55 of 56 checks passed
rxjacob pushed a commit to rxjacob/black that referenced this pull request Jan 3, 2026
@woodruffw @rxjacob
CI: add a zizmor workflow (psf#4911)
10bbda5 
Signed-off-by: William Woodruff <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JelleZijlstra JelleZijlstra JelleZijlstra approved these changes

Assignees

No one assigned

Labels

skip news Pull requests that don't need a changelog entry.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@woodruffw @JelleZijlstra