From 87694d652e08b80891fc27fb48e98c0e4d4238b7 Mon Sep 17 00:00:00 2001
From: andrewg-mira <89816284+andrewg-mira@users.noreply.github.com>
Date: Tue, 3 Feb 2026 11:33:30 -0800
Subject: [PATCH] DEVOPS-977 default zizmor config to allow MiraGeoscience
 unpinned actions

---
 .github/actions/setup-zizmor-config/action.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/actions/setup-zizmor-config/action.yml b/.github/actions/setup-zizmor-config/action.yml
index f50e014..53b244e 100644
--- a/.github/actions/setup-zizmor-config/action.yml
+++ b/.github/actions/setup-zizmor-config/action.yml
@@ -6,12 +6,16 @@ runs:
     - name: Ensure default zizmor.yml
       shell: bash
       run: |
-        if [ ! -f zizmor.yml ]; then
+        if [[ ! -f zizmor.yml || $(wc -l < zizmor.yml) -eq 1 ]]; then
           echo "Creating a custom zizmor.yml configuration file for CI..."
           cat > zizmor.yml << 'EOF'
         rules:
           dependabot-cooldown:
             disable: true
+          unpinned-uses:
+            config:
+              policies:
+                MiraGeoscience/*: any
         EOF
         else
           echo "⊘ Found existing zizmor.yml configuration file"