From 8237b25b84a5559ed05af866dc33233ae2a589cf Mon Sep 17 00:00:00 2001
From: Dorcas-BD <bamisiledorcas@gmail.com>
Date: Sat, 25 Apr 2026 23:33:49 +0100
Subject: [PATCH] github-actions: suppress cache-poisoning findings for
 intentional GHA cache usage

---
 .github/zizmor.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .github/zizmor.yml

diff --git a/.github/zizmor.yml b/.github/zizmor.yml
new file mode 100644
index 000000000..f42b0c877
--- /dev/null
+++ b/.github/zizmor.yml
@@ -0,0 +1,7 @@
+rules:
+  cache-poisoning:
+    ignore:
+      # The GHA cache is used intentionally here for build performance.
+      # The risk is accepted as these workflows only build internal images.
+      - ci.yml
+      - deploy.yml