Run Zizmor with token

hynek · hynek · commit e51f34705d0e · 2024-12-14T15:11:26.000+01:00
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -10,9 +10,10 @@ on:
 permissions:
   contents: read
 
+
 jobs:
   zizmor:
-    name: Zizmor latest via Cargo
+    name: Zizmor latest via PyPI
     runs-on: ubuntu-latest
     permissions:
       security-events: write
@@ -21,12 +22,13 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Setup Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1
-      - name: Get zizmor
-        run: cargo install zizmor
-      - name: Run zizmor
-        run: zizmor --format sarif . > results.sarif
+      - uses: hynek/setup-cached-uv@v2
+
+      - name: Run zizmor 🌈
+        run: uvx zizmor --format sarif . > results.sarif
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v3
         with:
