From e455ae16b8fbe2c37121c8625a9ee4c39f04f124 Mon Sep 17 00:00:00 2001
From: Daniel Hast <hast.daniel@protonmail.com>
Date: Thu, 6 Nov 2025 15:14:15 -0500
Subject: [PATCH] ci: add Zizmor pre-commit hook

Zizmor can flag many common security issues using static analysis of CI
workflows. See https://docs.zizmor.sh/ for documentation.
---
 .pre-commit-config.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 39c687f39..73a5dc238 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -20,6 +20,11 @@ repos:
   hooks:
   - id: typos
 
+- repo: https://github.com/zizmorcore/zizmor-pre-commit
+  rev: v1.16.3
+  hooks:
+  - id: zizmor
+    args: ['--persona=auditor', '--no-progress']
 
 ci:
   autoupdate_commit_msg: "chore(pre-commit): autoupdate"