OAuth client: keep refresh_token on non-rotating refresh; restore sam… #732

	name: GitHub Actions Security Analysis

	on:
	push:
	branches: ["main"]
	pull_request:
	branches: ["**"]

	permissions: {}

	jobs:
	zizmor:
	runs-on: ubuntu-latest

	permissions:
	security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files.

	steps:
	- name: Checkout repository
	uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
	with:
	persist-credentials: false

	- name: Run zizmor 🌈
	uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6

Provide feedback