name: Validate All GitHub Actions

on:
  push:
    branches:
      - "master"
      - "[0-9].[0-9]*"
  pull_request:
    branches:
      - "**"

permissions:
  contents: read

jobs:

  validate-all-ghas:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: '20'

      - name: Install Dependencies
        run: npm install -g @action-validator/core @action-validator/cli --save-dev

      - name: Run Script
        run: bash .github/workflows/github-action-validator.sh

      - name: Check for security issues on GHA workflows
        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6