zizmor: fix issues

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

Author: crazy-max

.github/workflows/.pr-assign-author.yml

@@ -1,17 +1,51 @@
 name: .pr-assign-author
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
   contents: read
 
 on:
-  pull_request_target:
+  pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout
     types:
       - opened
       - reopened
 
 jobs:
-  run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+  assign-author:
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       pull-requests: write
+    steps:
+      -
+        name: Assigning author to PR
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            try {
+              const dt = context.payload?.pull_request;
+              if (!dt) {
+                throw new Error(`No pull request payload found, skipping.`);
+              }
+            
+              const { assignees, number, user: { login: author, type } } = dt;
+              if (assignees.length > 0) {
+                throw new Error(`Pull request is already assigned to someone, skipping.`);
+              } else if (type !== 'User') {
+                throw new Error(`Not a user, skipping.`);
+              }
+            
+              const respAdd = await github.rest.issues.addAssignees({
+                ...context.repo,
+                issue_number: number,
+                assignees: [author]
+              });
+              core.debug(`addAssignees resp: ${JSON.stringify(respAdd, null, 2)}`);
+              if (respAdd.status !== 201) {
+                throw new Error(`Failed to assign @${author} to the pull request #${number}.`);
+              }
+            
+              core.info(`@${author} has been assigned to the pull request #${number}`);
+            } catch (e) {
+              core.warning(e.message);
+            }

.github/workflows/.test-bake.yml

@@ -1,5 +1,9 @@
 name: .test-bake
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true

.github/workflows/.test-build.yml

@@ -1,5 +1,9 @@
 name: .test-build
 
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true

.github/workflows/.zizmor.yml

@@ -4,6 +4,10 @@ name: .zizmor
 permissions:
   contents: read
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   workflow_dispatch:
   push: