Merge pull request #300 from smallstep/carl/deprecate-frizbee

Deprecate frizbee check — already covered by zizmor

Author: tashian

.github/workflows/frizbee.yml

@@ -1,3 +1,4 @@
+# Deprecated: unpinned action detection is already covered by zizmor.
 name: Frizbee pinning check
 on:
   workflow_call:
@@ -7,31 +8,4 @@ jobs:
     name: frizbee
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-      - name: Install frizbee
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-        run: |
-          gh release download v0.1.8 --repo stacklok/frizbee \
-            --pattern 'frizbee_0.1.8_linux_amd64.tar.gz' \
-            --output frizbee.tar.gz
-          tar -xzf frizbee.tar.gz frizbee
-          sudo mv frizbee /usr/local/bin/
-          rm frizbee.tar.gz
-      - name: Check pinning
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-        run: |
-          # Run frizbee and capture exit code
-          frizbee actions --dry-run --error .github/workflows/ && exit 0
-
-          # On failure, show exactly which actions are unpinned
-          echo ""
-          echo "The following actions are not pinned to a SHA digest:"
-          echo ""
-          grep -rn 'uses:' .github/workflows/ | grep -v '@[0-9a-f]\{40,\}' | grep -v '^#' || true
-          echo ""
-          echo "Fix with: frizbee actions .github/workflows/"
-          exit 1
+      - run: echo "Skipped — unpinned action detection is covered by zizmor."