Skip to content

Commit 0a40dec

Browse files
authored
fix(ci): correct zizmor-action input names (CopilotKit#4865)
## Summary The zizmor-action inputs use **hyphens** (`min-severity`, `advanced-security`), not underscores. The workflow had `min_severity` and `advanced_security`, which were silently ignored by the action. Because `advanced-security: false` was never applied, the action defaulted to SARIF upload mode, which then failed because the job only grants `contents: read` (no `security-events: write`). ## What changed - `min_severity` -> `min-severity` - `advanced_security` -> `advanced-security` - Updated matching comment ## Verification The post-job cleanup on the failing run explicitly warned: ``` Unexpected input(s) 'min_severity', 'advanced_security', valid inputs are ['inputs', 'online-audits', 'persona', 'min-severity', 'min-confidence', 'version', 'token', 'advanced-security', 'color', 'annotations', 'config', 'fail-on-no-inputs'] ```
2 parents 3ccad7f + 2e918ff commit 0a40dec

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

.github/workflows/security_zizmor.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -52,11 +52,11 @@ jobs:
5252
persist-credentials: false
5353

5454
- name: Run zizmor
55-
# `min_severity: low` blocks PRs on the broadest set of findings
55+
# `min-severity: low` blocks PRs on the broadest set of findings
5656
# without flagging hypothetical-only `informational` notes. Drop
5757
# to `medium` if low-severity churn becomes a problem.
5858
uses: zizmorcore/zizmor-action@b572f7b1a1c2d41efaab43d504f68d215c3cd727 # v0.5.4
5959
with:
60-
min_severity: low
61-
advanced_security: false
60+
min-severity: low
61+
advanced-security: false
6262
config: .github/zizmor.yml

0 commit comments

Comments
 (0)