Ci audit

[shroffk]

Following the advice from #3842 adding zizmor

Checklist

• Testing:

  • The feature has automated tests
  • Tests were run
  • If not, explain how you tested your changes

• Documentation:

  • The feature is documented
  • The documentation is up to date
  • Release notes:
    • Added an entry if the change is breaking or significant
    • Added an entry when adding a new feature

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[shroffk]

Oh God!!!!
What have we unleashed

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[jacomago]

I would rather do this in my pr so it can be a subworkflow pulled into the pr workflow.

Also what about using pre-commit for this? Then it can be checked locally more easily

[minijackson]

TBH, I'm not sure I'd recommend using ci-doctor, it seems to be a project that has only 2 stars and created 2 months ago.

It seems to provide interesting lints, but using such a young, unknown project seems a bit dangerous to me.