chore(ci): Add more stuff

vavkamil · web-flow · commit 4933ff5ebc10 · 2025-11-30T14:30:53.000+01:00
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,16 @@
+# Description
+
+Please explain the changes you made here:
+
+- foo
+
+## Notes
+
+Please add screenshots or some additional context if you believe it is needed.
+
+## Checklist
+
+- [ ] Only GitHub links to open-source repos are added
+- [ ] No duplicate links are added
+- [ ] All repos exist and are public
+- [ ] All repos have at least 50 stars
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      time: "09:00"
+      timezone: "Europe/Prague"
+    assignees:
+      - "vavkamil"
+    cooldown:
+      default-days: 7
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      time: "09:00"
+      timezone: "Europe/Prague"
+    assignees:
+      - "vavkamil"
+    cooldown:
+      default-days: 7
diff --git a/.github/workflows/security-zizmor.yml b/.github/workflows/security-zizmor.yml
@@ -0,0 +1,39 @@
+# https://github.com/woodruffw/zizmor
+
+name: Security
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    paths:
+      - '.github/workflows/**'
+
+permissions: {}
+
+jobs:
+  zizmor:
+    # name: zizmor via PyPI
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.10.4'
+
+      - name: Install Zizmor
+        run: |
+          python -m pip install --upgrade pip
+          pip install $(grep '^zizmor==' requirements.txt)
+
+      - name: Run Zizmor
+        run: zizmor .github/workflows
diff --git a/.github/workflows/stargazers.yml b/.github/workflows/stargazers.yml
@@ -17,7 +17,8 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v5.0.0
         with:
-          fetch-depth: 0  # we need history for diff
+          fetch-depth: 0
+          persist-credentials: false
 
       - name: Fetch base branch
         run: |
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+zizmor==1.16.1
