chore(deps): update pre-commit hooks (minor) (#48)

renovate[bot] · mschoettle · web-flow · commit 9e9364c9a6b3 · 2025-07-02T14:49:58.000-04:00
Co-authored-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
Co-authored-by: Matthias Schoettle &lt;git@mattsch.com&gt;
diff --git a/.github/actions/docker-build/action.yaml b/.github/actions/docker-build/action.yaml
@@ -46,7 +46,7 @@ runs:
     - name: Validate build configuration
       uses: docker/build-push-action@v6.18.0
       with:
-        context: ${{ inputs.context }}
+        context: ${{ inputs.context }}  # zizmor: ignore[template-injection]
         call: check
     - name: Extract metadata (tags, labels) for Docker
       id: meta
@@ -72,7 +72,7 @@ runs:
       id: push
       uses: docker/build-push-action@v6.18.0
       with:
-        context: ${{ inputs.context }}
+        context: ${{ inputs.context }}  # zizmor: ignore[template-injection]
         # load image into docker to test it in the next step
         load: true
         # only push to the registry when it is not a PR (i.e., main branch)
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
@@ -22,6 +22,7 @@ permissions:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
+  CONTEXT: ${{ inputs.context }}
 
 jobs:
   build-image:
@@ -44,7 +45,7 @@ jobs:
       - name: Validate build configuration
         uses: docker/build-push-action@v6.18.0
         with:
-          context: ${{ inputs.context }}
+          context: ${{ env.CONTEXT }}  # zizmor: ignore[template-injection]
           call: check
       - name: Extract metadata (tags, labels) for Docker
         id: meta
@@ -70,7 +71,7 @@ jobs:
         id: push
         uses: docker/build-push-action@v6.18.0
         with:
-          context: ${{ inputs.context }}
+          context: ${{ env.CONTEXT }}  # zizmor: ignore[template-injection]
           # load image into docker to test it in the next step
           load: true
           # only push to the registry when it is not a PR (i.e., main branch)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -36,13 +36,13 @@ repos:
       - id: reuse-lint-file
 
   - repo: https://github.com/crate-ci/typos
-    rev: v1.32.0
+    rev: v1.34.0
     hooks:
       - id: typos
 
   # zizmor detects security vulnerabilities in GitHub Actions workflows.
   - repo: https://github.com/woodruffw/zizmor-pre-commit
-    rev: v1.8.0
+    rev: v1.11.0
     hooks:
       - id: zizmor
 
@@ -51,6 +51,8 @@ repos:
     hooks:
       - id: check-github-workflows
         args: ["--verbose"]
+      - id: check-github-actions
+        args: ["--verbose"]
       - id: check-renovate
         args: ["--verbose"]
         additional_dependencies: ['json5']
