diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 96c3a855..2a6b15dc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -15,6 +15,8 @@ env: # renovate: datasource=pypi depName=uv UV_VERSION: '0.5.24' +permissions: {} + jobs: quality: runs-on: ubuntu-24.04 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6d41b8b5..f531c994 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,6 +10,8 @@ env: # renovate: datasource=pypi depName=uv UV_VERSION: '0.5.24' +permissions: {} + jobs: set-version: runs-on: ubuntu-24.04 diff --git a/.github/workflows/validate-codecov-config.yml b/.github/workflows/validate-codecov-config.yml index 1578715a..537f7a07 100644 --- a/.github/workflows/validate-codecov-config.yml +++ b/.github/workflows/validate-codecov-config.yml @@ -8,6 +8,8 @@ on: push: branches: [main] +permissions: {} + jobs: validate-codecov-config: runs-on: ubuntu-24.04 diff --git a/.github/workflows/validate-renovate-config.yml b/.github/workflows/validate-renovate-config.yml index 15589324..159b4554 100644 --- a/.github/workflows/validate-renovate-config.yml +++ b/.github/workflows/validate-renovate-config.yml @@ -12,6 +12,8 @@ env: # renovate: datasource=node depName=node versioning=node NODE_VERSION: "22" +permissions: {} + jobs: validate-renovate-config: runs-on: ubuntu-24.04 diff --git a/zizmor.yml b/.github/zizmor.yml similarity index 80% rename from zizmor.yml rename to .github/zizmor.yml index 1d5668bb..37f3f81e 100644 --- a/zizmor.yml +++ b/.github/zizmor.yml @@ -2,4 +2,4 @@ rules: artipacked: ignore: # Required for publishing documentation to `gh-pages` branch. - - release.yml:220 + - release.yml:222 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 446cb962..5d73cd0a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -53,6 +53,6 @@ repos: pass_filenames: false - repo: https://github.com/woodruffw/zizmor-pre-commit - rev: "v1.1.1" + rev: "v1.2.2" hooks: - id: zizmor