ci: use zizmorcore/zizmor-action (#139)

richardapeters · web-flow · commit da84a5d66a53 · 2025-12-18T16:50:40.000+01:00
* ci: harden security

* Allow containers in flex-build-push

* Allow containers in linting

* ci: use zizmorcore/zizmor-action

* Add cooldown to dependabot
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,6 +6,8 @@ updates:
     directory: /
     schedule:
       interval: daily
+    cooldown:
+      default-days: 7
     groups:
       github-actions:
         update-types:
@@ -15,10 +17,14 @@ updates:
     directory: .devcontainer
     schedule:
       interval: daily
+    cooldown:
+      default-days: 7
   - package-ecosystem: gitsubmodule
     directory: /
     schedule:
       interval: daily
+    cooldown:
+      default-days: 7
     commit-message:
       prefix: "feat(deps)"
     groups:
diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml
@@ -31,6 +31,7 @@ jobs:
         with:
           fetch-depth: 0
           persist-credentials: false
+      - uses: zizmorcore/zizmor-action@e639db99335bc9038abc0e066dfcd72e23d26fb4 # v0.3.0
       - uses: oxsecurity/megalinter/flavors/documentation@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
         env:
           APPLY_FIXES: all
