From 90f66f8d5ddf7c0a7b118a03cdd1b0898fa9e454 Mon Sep 17 00:00:00 2001 From: pdmurray Date: Wed, 8 Apr 2026 11:19:33 -0700 Subject: [PATCH 1/4] feat: zizmor --- lsp/zizmor.lua | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 lsp/zizmor.lua diff --git a/lsp/zizmor.lua b/lsp/zizmor.lua new file mode 100644 index 0000000000..96135cfd3c --- /dev/null +++ b/lsp/zizmor.lua @@ -0,0 +1,53 @@ +---@brief +--- +--- https://github.com/zizmorcore/zizmor +--- +--- Zizmor language server. +--- +--- `zizmor` can be installed by following the instructions [here](https://docs.zizmor.sh/installation/). +--- +--- The default `cmd` assumes that the `zizmor` binary can be found in `$PATH`. +--- +--- See `zizmor`'s [documentation](https://docs.zizmor.sh/) for additional documentation. + +---@type vim.lsp.Config +return { + cmd = { 'zizmor', '--lsp' }, + filetypes = { 'yaml' }, + + -- `root_dir` ensures that the LSP does not attach to all yaml files + root_dir = function(bufnr, on_dir) + local parent = vim.fs.dirname(vim.api.nvim_buf_get_name(bufnr)) + if + vim.endswith(parent, '/.github/workflows') + or vim.endswith(parent, '/.forgejo/workflows') + or vim.endswith(parent, '/.gitea/workflows') + then + on_dir(parent) + end + end, + handlers = { + ['actions/readFile'] = function(_, result) + if type(result.path) ~= 'string' then + return nil, nil + end + local file_path = vim.uri_to_fname(result.path) + if vim.fn.filereadable(file_path) == 1 then + local f = assert(io.open(file_path, 'r')) + local text = f:read('*a') + f:close() + + return text, nil + end + return nil, nil + end, + }, + init_options = {}, -- needs to be present https://github.com/neovim/nvim-lspconfig/pull/3713#issuecomment-2857394868 + capabilities = { + workspace = { + didChangeWorkspaceFolders = { + dynamicRegistration = true, + }, + }, + }, +} From e700cf9201441a8b46bfebdab0e1fd276ab39c3b Mon Sep 17 00:00:00 2001 From: pdmurray Date: Sun, 12 Apr 2026 11:45:04 -0700 Subject: [PATCH 2/4] Attach zizmor on dependabot.{yml,yaml} and action.yml as well --- lsp/zizmor.lua | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/lsp/zizmor.lua b/lsp/zizmor.lua index 96135cfd3c..877157d9f9 100644 --- a/lsp/zizmor.lua +++ b/lsp/zizmor.lua @@ -17,31 +17,18 @@ return { -- `root_dir` ensures that the LSP does not attach to all yaml files root_dir = function(bufnr, on_dir) - local parent = vim.fs.dirname(vim.api.nvim_buf_get_name(bufnr)) + local bufname = vim.api.nvim_buf_get_name(bufnr) + local parent = vim.fs.dirname(bufname) if vim.endswith(parent, '/.github/workflows') or vim.endswith(parent, '/.forgejo/workflows') or vim.endswith(parent, '/.gitea/workflows') + or (vim.endswith(bufname, "/.github/dependabot.yml") or vim.endswith(bufname, "/.github/dependabot.yaml")) + or vim.endswith(bufname, 'actions.yml') -- Composite actions can live in any repository subdirectory then on_dir(parent) end end, - handlers = { - ['actions/readFile'] = function(_, result) - if type(result.path) ~= 'string' then - return nil, nil - end - local file_path = vim.uri_to_fname(result.path) - if vim.fn.filereadable(file_path) == 1 then - local f = assert(io.open(file_path, 'r')) - local text = f:read('*a') - f:close() - - return text, nil - end - return nil, nil - end, - }, init_options = {}, -- needs to be present https://github.com/neovim/nvim-lspconfig/pull/3713#issuecomment-2857394868 capabilities = { workspace = { From 77ea19c6156d3d99c7c94f49749efd7138286a71 Mon Sep 17 00:00:00 2001 From: pdmurray Date: Sun, 12 Apr 2026 11:49:20 -0700 Subject: [PATCH 3/4] Typo: actions.yml -> action.yml --- lsp/zizmor.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lsp/zizmor.lua b/lsp/zizmor.lua index 877157d9f9..ea2c4434d0 100644 --- a/lsp/zizmor.lua +++ b/lsp/zizmor.lua @@ -24,7 +24,7 @@ return { or vim.endswith(parent, '/.forgejo/workflows') or vim.endswith(parent, '/.gitea/workflows') or (vim.endswith(bufname, "/.github/dependabot.yml") or vim.endswith(bufname, "/.github/dependabot.yaml")) - or vim.endswith(bufname, 'actions.yml') -- Composite actions can live in any repository subdirectory + or vim.endswith(bufname, 'action.yml') -- Composite actions can live in any repository subdirectory then on_dir(parent) end From cb35fc0171d19f33270222a713bcaa2ca32225bb Mon Sep 17 00:00:00 2001 From: pdmurray Date: Sun, 12 Apr 2026 11:51:01 -0700 Subject: [PATCH 4/4] Fix lint error --- lsp/zizmor.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lsp/zizmor.lua b/lsp/zizmor.lua index ea2c4434d0..3d94dd9f66 100644 --- a/lsp/zizmor.lua +++ b/lsp/zizmor.lua @@ -23,7 +23,7 @@ return { vim.endswith(parent, '/.github/workflows') or vim.endswith(parent, '/.forgejo/workflows') or vim.endswith(parent, '/.gitea/workflows') - or (vim.endswith(bufname, "/.github/dependabot.yml") or vim.endswith(bufname, "/.github/dependabot.yaml")) + or (vim.endswith(bufname, '/.github/dependabot.yml') or vim.endswith(bufname, '/.github/dependabot.yaml')) or vim.endswith(bufname, 'action.yml') -- Composite actions can live in any repository subdirectory then on_dir(parent)