From 6f930800332ad23f0bccd4cf895cdede194d0d86 Mon Sep 17 00:00:00 2001
From: Sylvestre Ledru <sylvestre@debian.org>
Date: Tue, 10 Mar 2026 11:53:01 +0100
Subject: [PATCH 1/2] ci: add zizmor workflow for GitHub Actions security
 analysis

---
 .github/workflows/zizmor.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .github/workflows/zizmor.yml

diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
new file mode 100644
index 000000000..a1c0f4c33
--- /dev/null
+++ b/.github/workflows/zizmor.yml
@@ -0,0 +1,26 @@
+name: GitHub Actions Security Analysis with zizmor
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["**"]
+
+permissions: {}
+
+jobs:
+  zizmor:
+    name: zizmor
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      contents: read
+      actions: read
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: zizmor-action
+        uses: zizmorcore/zizmor-action@v0.5.2

From 21f283aff8416fb10908ec24f87d104963f85cdd Mon Sep 17 00:00:00 2001
From: Sylvestre Ledru <sledru@mozilla.com>
Date: Mon, 16 Mar 2026 15:20:39 +0100
Subject: [PATCH 2/2] a silly change to trigger the CI

---
 .github/workflows/zizmor.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index a1c0f4c33..3786a2d47 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -23,4 +23,4 @@ jobs:
           persist-credentials: false
 
       - name: zizmor-action
-        uses: zizmorcore/zizmor-action@v0.5.2
+        uses: zizmorcore/zizmor-action@v0.5.1