Refactor Zizmor configuration to use organization-level secrets and remove deprecated file

MariusStorhaug · MariusStorhaug · commit 103267dc4c57 · 2026-05-16T17:39:06.000+02:00
diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml
@@ -2,3 +2,16 @@ rules:
   template-injection:
     ignore:
       - action.yml
+
+  secrets-outside-env:
+    # These test credentials are intentionally managed as organization-level
+    # secrets for reusable test workflows across repositories.
+    config:
+      allow:
+        - TEST_USER_PAT
+        - TEST_USER_USER_FG_PAT
+        - TEST_USER_ORG_FG_PAT
+        - TEST_APP_ENT_CLIENT_ID
+        - TEST_APP_ENT_PRIVATE_KEY
+        - TEST_APP_ORG_CLIENT_ID
+        - TEST_APP_ORG_PRIVATE_KEY
diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml
@@ -1,6 +1,6 @@
 name: Linter
 
-run-name: "Linter - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}"
+run-name: 'Linter - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}'
 
 on: [pull_request]
 
diff --git a/zizmor.yml b/zizmor.yml
