From 539cb3a0c4aa7211f1d512ad155672447ed9a2d1 Mon Sep 17 00:00:00 2001
From: MaxymVlasov <MaxymVlasov@users.noreply.github.com>
Date: Mon, 1 Sep 2025 19:31:44 +0300
Subject: [PATCH] chore: Add zizimor as workflow to get GH-native alerts

---
 .github/workflows/ci-cd.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index b9df58231..c57b87bf8 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -506,6 +506,13 @@ jobs:
     secrets:
       codecov-token: ${{ secrets.CODECOV_TOKEN }}
 
+  lint-github-actions:
+    name: Lint GitHub Actions
+    permissions:
+      security-events: write
+    # yamllint disable-line rule:line-length
+    uses: zizmorcore/workflow/.github/workflows/reusable-zizmor.yml@3bb5e95068d0f44b6d2f3f7e91379bed1d2f96a8
+
   check:  # This job does nothing and is only used for the branch protection
 
     # Separate 'pull_request' check from other checks to avoid confusion in