Commit 0a40dec
authored
fix(ci): correct zizmor-action input names (CopilotKit#4865)
## Summary
The zizmor-action inputs use **hyphens** (`min-severity`,
`advanced-security`), not underscores. The workflow had `min_severity`
and `advanced_security`, which were silently ignored by the action.
Because `advanced-security: false` was never applied, the action
defaulted to SARIF upload mode, which then failed because the job only
grants `contents: read` (no `security-events: write`).
## What changed
- `min_severity` -> `min-severity`
- `advanced_security` -> `advanced-security`
- Updated matching comment
## Verification
The post-job cleanup on the failing run explicitly warned:
```
Unexpected input(s) 'min_severity', 'advanced_security', valid inputs are
['inputs', 'online-audits', 'persona', 'min-severity', 'min-confidence',
'version', 'token', 'advanced-security', 'color', 'annotations', 'config',
'fail-on-no-inputs']
```1 file changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
55 | | - | |
| 55 | + | |
56 | 56 | | |
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
60 | | - | |
61 | | - | |
| 60 | + | |
| 61 | + | |
62 | 62 | | |
0 commit comments