feat(ci): improve workflows

till · till · commit 5c36c4fb8b0e · 2026-03-28T21:54:57.000+01:00
- tighten versions of actions use
- add job and use zizmore to check
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,8 +6,27 @@ on:
   pull_request:
     branches: [main]
 
+permissions: {}
+
 jobs:
   test:
+    permissions:
+      security-events: write
+      contents: read
+      actions: read
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
+
+
+  e2e:
+    needs: test
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix:
@@ -28,7 +47,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     name: ${{ matrix.name }}
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - uses: ./
         with:
