gha: Run Zizmor without Advanced Security

This does not change the security of the analysis, this is just to work around zizmorcore/zizmor-action#43. Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
2026-04-04 02:53:45 +00:00 · 2025-09-25 09:45:25 -05:00
parent 7dd298a0aa
commit 1dd4e20f25
1 changed files with 4 additions and 5 deletions
--- a/.github/workflows/zizmor.yaml
+++ b/.github/workflows/zizmor.yaml
@@ -1,7 +1,6 @@
 name: GHA security analysis

 on:
-  push:
  pull_request:

 permissions: {}
@@ -13,9 +12,6 @@ concurrency:
 jobs:
  zizmor:
    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -24,6 +20,9 @@ jobs:
          persist-credentials: false

      - name: Run zizmor
-        uses: zizmorcore/zizmor-action@f52a838cfabf134edcbaa7c8b3677dde20045018 # v0.1.1
+        uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0
        with:
+          advanced-security: false
+          annotations: true
          persona: auditor
+          version: v1.13.0