Commit 7c1619a

fix: Run zizmor directly instead of via action to avoid SARIF upload
The zizmorcore/zizmor-action bundles a codeql upload-sarif step that requires GitHub Advanced Security code scanning regardless of repo settings. Replace with a plain pip install + zizmor run, which exits non-zero on findings and needs no special permissions or features.
1 parent 3641dca commit 7c1619a

1 file changed

Lines changed: 1 addition & 3 deletions

.github/workflows/zizmor.yml

@@ -12,14 +12,12 @@ jobs:
1212
zizmor:
1313
runs-on: ubuntu-latest
1414
permissions:
15-
security-events: write
1615
contents: read
17-
actions: read
1816
steps:
1917
- name: Checkout repository
2018
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
2119
with:
2220
persist-credentials: false
2321

2422
- name: Run zizmor 🌈
25-
uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
23+
run: pip install zizmor && zizmor .
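
Review bot: The added `run: pip install zizmor && zizmor .` line installs whatever zizmor release is current on PyPI at run time, while the checkout step above and the removed `zizmorcore/zizmor-action` line were both pinned to a full commit SHA. Pin the tool to an exact version, for example `pip install zizmor==<version>`, or install it from a requirements file with `--require-hashes`, so a new or tampered release cannot change what runs in CI or start failing the job without a change in this repo. Dropping `security-events: write` and `actions: read` is consistent with no longer uploading SARIF, and leaves the job with `contents: read` only.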
