Use zizmor from PyPI (#17512)

DarkaMaul · web-flow · commit 4f96b5fcf074 · 2025-01-28T15:43:13.000Z
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -11,7 +11,7 @@ jobs:
   zizmor:
     # Advanced Security is not enabled on private repositories
     if: github.repository == 'pypi/warehouse'
-    name: Zizmor latest via Cargo
+    name: Zizmor
     runs-on: ubuntu-24.04
     permissions:
       security-events: write
@@ -23,12 +23,12 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Setup Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1
-      - name: Get zizmor
-        run: cargo install zizmor
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: '.python-version'
       - name: Run zizmor
-        run: zizmor --format sarif . > results.sarif
+        run: pipx run zizmor --format sarif . > results.sarif
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v3
         with:
