From 846613e521104fa2f2e1c2023e4a1a9886a2ff48 Mon Sep 17 00:00:00 2001
From: Jacob Walls <jacobtylerwalls@gmail.com>
Date: Fri, 14 Nov 2025 14:06:21 -0500
Subject: [PATCH] Configured dangerous-triggers zizmor rule.

---
 .github/workflows/labels.yml             | 2 ++
 .github/workflows/new_contributor_pr.yml | 4 ++++
 zizmor.yml                               | 4 ++++
 3 files changed, 10 insertions(+)

diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index 6986eec033..79ee8af59d 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -3,6 +3,8 @@ name: Labels
 on:
   pull_request_target:
     types: [ edited, opened, reopened, ready_for_review ]
+    branches:
+      - main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
diff --git a/.github/workflows/new_contributor_pr.yml b/.github/workflows/new_contributor_pr.yml
index 958ebc64d4..194adb3bb8 100644
--- a/.github/workflows/new_contributor_pr.yml
+++ b/.github/workflows/new_contributor_pr.yml
@@ -3,12 +3,16 @@ name: New contributor message
 on:
   pull_request_target:
     types: [opened]
+    branches:
+      - main
 
 permissions:
   pull-requests: write
 
 jobs:
   build:
+    # Only trigger on the main Django repository
+    if: github.repository == 'django/django'
     name: Hello new contributor
     runs-on: ubuntu-latest
     steps:
diff --git a/zizmor.yml b/zizmor.yml
index 8d1b34ed48..76e53f73cc 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -1,4 +1,8 @@
 rules:
+  dangerous-triggers:
+    ignore:
+      - labels.yml
+      - new_contributor_pr.yml
   unpinned-uses:
     config:
       policies: