Tests

Add zizmor GHA workflow and solve findings #277

	# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
	# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions

	name: Tests

	on:
	push:
	branches: [ master ]
	pull_request:
	branches: [ master ]

	permissions: {}

	jobs:
	build:

	strategy:
	matrix:
	os: [ubuntu-latest] # windows-latest, macos-latest,
	python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]

	runs-on: ${{ matrix.os }}

	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	submodules: recursive
	persist-credentials: false
	- name: Set up Python ${{ matrix.python-version }}
	uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: ${{ matrix.python-version }}
	- name: Install Python Dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install setuptools
	pip install .[dev]
	- name: Scan with pip-audit
	uses: trailofbits/gh-action-pip-audit@1220774d901786e6f652ae159f7b6bc8fea6d266 # v1.1.0
	- name: Lint with flake8
	run: \|
	# stop the build if there are Python syntax errors or undefined names
	flake8 polyfile polymerge tests --exclude polyfile/kaitai/parsers --count --select=E9,F63,F7,F82 --show-source --statistics
	# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
	flake8 polyfile polymerge tests --exclude polyfile/kaitai/parsers --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
	- name: Test with pytest
	run: \|
	pytest tests

Provide feedback