GHA/checksrc: add auditor-level zizmor (warning-only)

CI time cost is 1s. It may replace existing pedantic check, if this level isn't bringing false-positives or annoyance. Officially it's not meant for CI, but curl has been passing this in the last couple of months when checked locally. Closes #21718
2026-06-03 11:54:16 +03:00 · 2026-05-21 19:09:35 +02:00 · 2026-05-21 19:09:35 +02:00 · 8e549fbdd3
commit 8e549fbdd3
parent bb5500a752
1 changed files with 7 additions and 0 deletions
--- a/.github/workflows/checksrc.yml
+++ b/.github/workflows/checksrc.yml
@ -165,6 +165,13 @@ jobs:
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          zizmor --persona pedantic .github/workflows/*.yml .github/dependabot.yml

+      - name: 'zizmor GHA (auditor, warning-only)'
+        env:
+          GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+        run: |
+          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
+          zizmor --persona auditor .github/workflows/*.yml .github/dependabot.yml || true
+
      - name: 'actionlint'
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"