GHA/checksrc: pass zizmor a GH token, fix warnings found

author Viktor Szakats <commit@vsz.me>

Fri, 3 Oct 2025 09:43:10 +0000 (11:43 +0200)

committer Viktor Szakats <commit@vsz.me>

Fri, 3 Oct 2025 11:54:40 +0000 (13:54 +0200)
author Viktor Szakats <commit@vsz.me>
Fri, 3 Oct 2025 09:43:10 +0000 (11:43 +0200)
committer Viktor Szakats <commit@vsz.me>
Fri, 3 Oct 2025 11:54:40 +0000 (13:54 +0200)
diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml

index 71ee031d68a8269a6c250e6766a0f7284e26357b..71d096cac51d6e32fb2bd695f4cf974284c0a6e2 100644 (file)
--- a/.github/workflows/checksrc.yml
+++ b/.github/workflows/checksrc.yml
@@ -129,6 +129,8 @@ jobs:
            persist-credentials: false
  
        - name: 'zizmor GHA'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          run: |
            eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
            zizmor --pedantic .github/workflows/*.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml

index fe33518d8b16c0cd8c8ff1aa20c0fe72aee9cc04..b1e20b4d2ddac4dcf5b2fa518b4154b14f0b0406 100644 (file)
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -48,13 +48,13 @@ jobs:
            persist-credentials: false
  
        - name: 'initialize'
-        uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
          with:
            languages: actions, python
            queries: security-extended
  
        - name: 'perform analysis'
-        uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
  
    c:
      name: 'C'
@@ -84,7 +84,7 @@ jobs:
            persist-credentials: false
  
        - name: 'initialize'
-        uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
          with:
            languages: cpp
            build-mode: manual
@@ -130,4 +130,4 @@ jobs:
            fi
  
        - name: 'perform analysis'
-        uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
diff --git a/.github/workflows/distcheck.yml b/.github/workflows/distcheck.yml

index 7a1a4dad844fe572c780eb17046ee09eb5aa04f3..5a5c117ce1aba8f5bccccfe0ed9874348635c7c3 100644 (file)
--- a/.github/workflows/distcheck.yml
+++ b/.github/workflows/distcheck.yml
@@ -49,7 +49,7 @@ jobs:
        - name: 'maketgz'
          run: SOURCE_DATE_EPOCH=1711526400 ./scripts/maketgz 99.98.97
  
-      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4
+      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
          with:
            name: 'release-tgz'
            path: 'curl-99.98.97.tar.gz'
author	Viktor Szakats <commit@vsz.me>
	Fri, 3 Oct 2025 09:43:10 +0000 (11:43 +0200)
committer	Viktor Szakats <commit@vsz.me>
	Fri, 3 Oct 2025 11:54:40 +0000 (13:54 +0200)
.github/workflows/checksrc.yml		patch \| blob \| blame \| history
.github/workflows/codeql.yml		patch \| blob \| blame \| history
.github/workflows/distcheck.yml		patch \| blob \| blame \| history