From: Viktor Szakats <commit@vsz.me>
Date: Fri, 3 Oct 2025 09:43:10 +0000 (+0200)
Subject: GHA/checksrc: pass zizmor a GH token, fix warnings found
X-Git-Tag: rc-8_17_0-2~268
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2e5993ab0812fd1a983738f6d6efbc7bb0806144;p=thirdparty%2Fcurl.git

GHA/checksrc: pass zizmor a GH token, fix warnings found

For a complete, online, check.

After this patch the check takes 30s, up from a fraction of a second.

Also bump CodeQL actions to their latest version.

Closes #18827
---

diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml
index 71ee031d68..71d096cac5 100644
--- a/.github/workflows/checksrc.yml
+++ b/.github/workflows/checksrc.yml
@@ -129,6 +129,8 @@ jobs:
           persist-credentials: false
 
       - name: 'zizmor GHA'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
           zizmor --pedantic .github/workflows/*.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index fe33518d8b..b1e20b4d2d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -48,13 +48,13 @@ jobs:
           persist-credentials: false
 
       - name: 'initialize'
-        uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           languages: actions, python
           queries: security-extended
 
       - name: 'perform analysis'
-        uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
 
   c:
     name: 'C'
@@ -84,7 +84,7 @@ jobs:
           persist-credentials: false
 
       - name: 'initialize'
-        uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           languages: cpp
           build-mode: manual
@@ -130,4 +130,4 @@ jobs:
           fi
 
       - name: 'perform analysis'
-        uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
diff --git a/.github/workflows/distcheck.yml b/.github/workflows/distcheck.yml
index 7a1a4dad84..5a5c117ce1 100644
--- a/.github/workflows/distcheck.yml
+++ b/.github/workflows/distcheck.yml
@@ -49,7 +49,7 @@ jobs:
       - name: 'maketgz'
         run: SOURCE_DATE_EPOCH=1711526400 ./scripts/maketgz 99.98.97
 
-      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4
+      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: 'release-tgz'
           path: 'curl-99.98.97.tar.gz'