Add zizmor job

TonyCTHsu · TonyCTHsu · commit f3b0c830b02f · 2025-03-04T16:00:32.000+01:00
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -112,6 +112,14 @@ jobs:
         env:
           SEMGREP_RULES: p/default
 
+  zizmor:
+    name: zizmor/lint
+    runs-on: ubuntu-24.04
+    container: ghcr.io/woodruffw/zizmor
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - run: zizmor --min-severity high .
+
   complete:
     name: Static Analysis (complete)
     needs:
@@ -121,6 +129,7 @@ jobs:
       - 'semgrep'
       - 'dd-software-composition-analysis'
       - 'dd-static-analysis'
+      - 'zizmor'
     runs-on: ubuntu-24.04
     steps:
       - run: echo "Done"
