Run Zizmor from PyPI

hynek · hynek · commit 8eac3fd48059 · 2025-02-03T09:06:21.000+01:00
Hilariously, because it's faster.
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -13,7 +13,7 @@ permissions:
 
 jobs:
   zizmor:
-    name: Zizmor latest via Cargo
+    name: Zizmor latest via PyPI
     runs-on: ubuntu-latest
     permissions:
       security-events: write
@@ -22,12 +22,13 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Setup Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1
-      - name: Get zizmor
-        run: cargo install zizmor
-      - name: Run zizmor
-        run: zizmor --format sarif . > results.sarif
+      - uses: hynek/setup-cached-uv@v2
+
+      - name: Run zizmor 🌈
+        run: uvx zizmor --format sarif . > results.sarif
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v3
         with:
