# Exercises zizmor's SARIF and GitHub-annotation output formats on pull
# requests. Each job is opt-in: it only runs when the PR carries the
# matching label.
name: Test output formats

on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      # Listed so that adding a label to a PR triggers a run, at which point
      # the jobs' label conditions below are evaluated.
      - labeled

# Start from an empty token permission set; each job opts in to what it needs.
permissions: {}

jobs:
  # Builds and runs zizmor from the checked-out code, audits the checkout
  # itself in SARIF format, uploads the result and links it from the PR.
  test-sarif-presentation:
    name: Test SARIF presentation
    runs-on: ubuntu-latest
    # Label gate: skipped unless the PR has 'test-sarif-presentation'.
    if: contains(github.event.pull_request.labels.*.name, 'test-sarif-presentation')
    # NOTE(review): no `security-events` scope is granted here, while the
    # upload-sarif action is documented as needing `security-events: write`;
    # confirm the 'Upload SARIF file' step succeeds with this permission set.
    permissions:
      pull-requests: write # for 'Leave comment' step
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comments record the corresponding release tags.
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Keep the token out of the checkout's git config: the steps that
          # follow compile and run code from this checkout.
          persist-credentials: false

      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0

      # `cargo run` compiles the checked-out sources and runs the resulting
      # binary against `.`; stdout is captured as the SARIF report.
      - name: Run zizmor
        run: |
          cargo run -- --format sarif . > results.sarif

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10
        with:
          sarif_file: results.sarif
          category: zizmor-test-sarif-presentation

      # Context values reach the script through env variables rather than
      # being expanded inside the script text, so the shell treats them as
      # data. GH_TOKEN is set for this step only.
      # NOTE(review): this step runs after PR code has been built and run
      # on the same runner, and it is the only step handed a write-scoped
      # token. On pull_request events from forks GITHUB_TOKEN is normally
      # read-only, so commenting presumably only works for same-repository
      # PRs; confirm that is the intended scope.
      # NOTE(review): URL hard-codes zizmorcore/zizmor, so on a fork or
      # mirror the link still points at the upstream repository.
      - name: Leave comment
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          URL: "https://github.com/zizmorcore/zizmor/security/code-scanning?query=pr%3A${{ github.event.pull_request.number }}+is%3Aopen+sort%3Acreated-desc"
        run: |
          gh pr comment "${PR_NUMBER}" \
            --body ":robot: SARIF results: ${URL}"

  # Builds and runs zizmor from the checked-out code against a test fixture,
  # using the `github` output format.
  test-github-presentation:
    name: Test GitHub annotations presentation
    runs-on: ubuntu-latest
    # Label gate: skipped unless the PR has 'test-github-presentation'.
    if: contains(github.event.pull_request.labels.*.name, 'test-github-presentation')
    # No token scopes are granted to this job.
    permissions: {}

    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Keep the token out of the checkout's git config before code from
          # this checkout is compiled and run.
          persist-credentials: false

      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0

      # The audited file is a test-data fixture; --no-exit-codes is passed
      # for the reason given in the script's own comment.
      - name: Run zizmor
        run: |
          # Normally we'd want a workflow to fail if the audit fails,
          # but we're only testing presentation here.
          cargo run \
            -- \
            --no-exit-codes \
            --format github \
            crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml