diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index b5359efc3d..de73eadf5d 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -60,3 +60,14 @@ jobs: uses: actions/checkout@v5 - name: black uses: psf/black@stable + + zizmor: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v5 + - name: Run zizmor + uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0 + with: + advanced-security: false + annotations: true diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f2a9217d6c..c7a51b961e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,3 +24,7 @@ repos: rev: v9.36.0 hooks: - id: eslint + - repo: https://github.com/zizmorcore/zizmor-pre-commit + rev: v1.16.3 + hooks: + - id: zizmor diff --git a/docs/internals/contributing/writing-code/submitting-patches.txt b/docs/internals/contributing/writing-code/submitting-patches.txt index 035eb815cb..841a2109dc 100644 --- a/docs/internals/contributing/writing-code/submitting-patches.txt +++ b/docs/internals/contributing/writing-code/submitting-patches.txt @@ -432,8 +432,8 @@ All code changes * Does the :doc:`coding style ` conform to our - guidelines? Are there any ``black``, ``blacken-docs``, ``flake8``, or - ``isort`` errors? You can install the :ref:`pre-commit + guidelines? Are there any ``black``, ``blacken-docs``, ``flake8``, + ``isort``, or ``zizmor`` errors? You can install the :ref:`pre-commit ` hooks to automatically catch these errors. * If the change is backwards incompatible in any way, is there a note in the release notes (``docs/releases/A.B.txt``)? diff --git a/docs/internals/contributing/writing-code/unit-tests.txt b/docs/internals/contributing/writing-code/unit-tests.txt index 22938c1cea..cba4ba7397 100644 --- a/docs/internals/contributing/writing-code/unit-tests.txt +++ b/docs/internals/contributing/writing-code/unit-tests.txt 
@@ -69,11 +69,11 @@ command from any place in the Django source tree: $ tox By default, ``tox`` runs the test suite with the bundled test settings file for -SQLite, ``black``, ``blacken-docs``, ``flake8``, ``isort``, ``lint-docs`` and -the documentation spelling checker. In addition to the system dependencies -noted elsewhere in this documentation, the command ``python3`` must be on your -path and linked to the appropriate version of Python. A list of default -environments can be seen as follows: +SQLite, ``black``, ``blacken-docs``, ``flake8``, ``isort``, ``lint-docs``, +``zizmor``, and the documentation spelling checker. In addition to the system +dependencies noted elsewhere in this documentation, the command ``python3`` +must be on your path and linked to the appropriate version of Python. A list of +default environments can be seen as follows: .. console:: @@ -85,6 +85,7 @@ environments can be seen as follows: docs isort>=7.0.0 lint-docs + zizmor>=1.16.3 Testing other Python versions and database backends ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/tox.ini b/tox.ini index 8d4698f084..9888bff0b8 100644 --- a/tox.ini +++ b/tox.ini @@ -14,6 +14,7 @@ envlist = docs isort lint-docs + zizmor # Add environment to use the default python3 installation [testenv:py3] @@ -98,3 +99,11 @@ deps = sphinx-lint changedir = docs commands = make lint + +[testenv:zizmor] +basepython = python3 +usedevelop = false +deps = zizmor >= 1.16.3 +changedir = {toxinidir} +commands = + zizmor .
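Review bot: In the new zizmor job in .github/workflows/linters.yml, the Checkout step uses `actions/checkout@v5` without `persist-credentials: false`, so the job's token is persisted in the local git configuration by default even though this job only reads files. Add `with: persist-credentials: false` to that step. Also note that the context line `uses: psf/black@stable` just above the new job is a mutable ref, unlike the hash-pinned zizmor-action, so confirm the new audit passes on this workflow file as it stands.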
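Review bot: In the new `[testenv:zizmor]` section of tox.ini, `deps = zizmor >= 1.16.3` is an open-ended floor, while .pre-commit-config.yaml pins `rev: v1.16.3` and the workflow step's `with:` block names no zizmor version at all, so the three entry points can run different releases and disagree on findings. Because zizmor is also added to the default `envlist`, a new release that adds audits could fail a plain `tox` run with no change to the repository. Consider using the same release in all three places, or state in the docs which one is authoritative.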
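Review bot: In the docs hunks (submitting-patches.txt and unit-tests.txt), ``zizmor`` is appended to the list of style linters without saying what it checks, and in submitting-patches.txt it sits under the coding style question next to ``black`` and ``flake8``. A contributor who has only touched Python files has no way to tell that it audits the GitHub Actions workflows. Add a short phrase saying so where it is first mentioned, or give it its own checklist item for changes to workflow files.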