Upgrade zizmor to the latest version in CI (#15649)

astral-sh · Jan 22, 2025 · 05abd64 · 05abd64
1 parent bb6fb46
commit 05abd64
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 1 deletion.
diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml
@@ -23,6 +23,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: {}
+
 env:
   PACKAGE_NAME: ruff
   MODULE_NAME: ruff

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,5 +1,7 @@
 name: CI
 
+permissions: {}
+
 on:
   push:
     branches: [main]

diff --git a/.github/zizmor.yml b/.github/zizmor.yml
@@ -10,3 +10,10 @@ rules:
     ignore:
       - build-docker.yml
       - publish-playground.yml
+  excessive-permissions:
+    # it's hard to test what the impact of removing these ignores would be
+    # without actually running the release workflow...
+    ignore:
+      - build-docker.yml
+      - publish-playground.yml
+      - publish-docs.yml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -91,7 +91,7 @@ repos:
   # zizmor detects security vulnerabilities in GitHub Actions workflows.
   # Additional configuration for the tool is found in `.github/zizmor.yml`
   - repo: https://github.com/woodruffw/zizmor-pre-commit
-    rev: v1.1.1
+    rev: v1.2.2
     hooks:
       - id: zizmor