Bump packaging from 26.1 to 26.2 #123

	name: zizmor

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- '*'
	schedule:
	- cron: '0 7 * * 1'
	workflow_dispatch:

	permissions: {}

	jobs:
	zizmor:
	name: Scan GitHub Actions
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write

	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
	with:
	persist-credentials: false

	- uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
	with:
	enable-cache: true
	python-version: '3.13'

	- name: Run zizmor
	run: uvx --from zizmor zizmor --format=github .

	- name: Generate SARIF report
	if: always()
	run: uvx --from zizmor zizmor --format=sarif --no-exit-codes . > zizmor.sarif

	- name: Upload SARIF report
	if: >
	always() &&
	(github.event_name != 'pull_request' \|\|
	github.event.pull_request.head.repo.full_name == github.repository)
	uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
	with:
	sarif_file: zizmor.sarif

Provide feedback