Run Zizmor via uv (#610)

* Run Zizmor via uv

* Update PDM while we're at it

Author: Tinche

.github/workflows/main.yml

@@ -27,7 +27,7 @@ jobs:
           python-version: "${{ matrix.python-version }}"
           allow-python-prereleases: true
           cache: true
-          version: "2.19.2"
+          version: "2.21.0"
 
       - name: "Run Tox"
         run: |
@@ -113,7 +113,7 @@ jobs:
       - uses: "pdm-project/setup-pdm@v4"
         with:
           python-version: "3.12"
-          version: "2.19.2"
+          version: "2.21.0"
 
       - name: "Install check-wheel-content and twine"
         run: "python -m pip install twine check-wheel-contents"

.github/workflows/zizmor.yml

@@ -1,4 +1,3 @@
-# https://github.com/woodruffw/zizmor
 name: Zizmor
 
 on:
@@ -10,24 +9,24 @@ on:
 permissions:
   contents: read
 
-
 jobs:
   zizmor:
-    name: Zizmor latest via Cargo
+    name: Zizmor latest via uv
     runs-on: ubuntu-latest
     permissions:
       security-events: write
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Setup Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1
-      - name: Get zizmor
-        run: cargo install zizmor
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "latest"
       - name: Run zizmor
-        run: zizmor --format sarif . > results.sarif
+        run: uvx zizmor --format sarif . > results.sarif
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v3
         with: