chore(deps): bump the github-actions group with 4 updates #2561
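# Exercises zizmor's output formats (SARIF, GitHub annotations, plain text)
# on pull requests. Every job is gated on a PR label, so an unlabeled PR
# triggers the workflow but skips all three jobs.
name: Test output formats

on:
  # `pull_request`, not `pull_request_target`: the jobs below build and run
  # the PR's own code via `cargo run`.
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      # Lets adding a label start a run. Because `synchronize` is listed too,
      # a label that is already present keeps its job enabled for every later
      # push; the label is not a per-commit approval.
      - labeled

# Default to a token with no permissions; each job opts in to what it needs.
permissions: {}

jobs:
  test-sarif-presentation:
    name: Test SARIF presentation
    runs-on: ubuntu-latest
    if: contains(github.event.pull_request.labels.*.name, 'test-sarif-presentation')
    # NOTE(review): github/codeql-action/upload-sarif documents
    # `security-events: write` as required for the upload. Only
    # `pull-requests: write` is granted here; confirm the upload step succeeds
    # before relying on this job.
    permissions:
      pull-requests: write # for 'Leave comment' step

    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the tag the SHA is expected to correspond to. When a
      # dependency bump changes these lines, check the new SHA against the
      # upstream tag rather than trusting the comment.
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Keep the token out of the checkout's git config; the steps that
          # follow execute code from the PR.
          persist-credentials: false

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2

      # Builds zizmor from the checked-out tree and audits the repository
      # itself, writing the SARIF report to results.sarif.
      - name: Run zizmor
        run: |
          cargo run -- --format sarif . > results.sarif

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
        with:
          sarif_file: results.sarif
          category: zizmor-test-sarif-presentation

      # The token is exposed to this step only, and the event values reach the
      # script through `env` and shell expansion rather than being templated
      # into the script text.
      # NOTE(review): for PRs from forks GITHUB_TOKEN is normally read-only,
      # so this step presumably succeeds only for same-repository branches;
      # confirm.
      - name: Leave comment
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          URL: "https://github.com/zizmorcore/zizmor/security/code-scanning?query=pr%3A${{ github.event.pull_request.number }}+is%3Aopen+sort%3Acreated-desc"
        run: |
          gh pr comment "${PR_NUMBER}" \
            --body ":robot: SARIF results: ${URL}"

  test-github-presentation:
    name: Test GitHub annotations presentation
    runs-on: ubuntu-latest
    if: contains(github.event.pull_request.labels.*.name, 'test-github-presentation')
    # No token permissions: the job only builds zizmor and runs it on a
    # checked-in fixture.
    permissions: {}

    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Keep the token out of the checkout's git config.
          persist-credentials: false

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2

      - name: Run zizmor
        run: |
          # Normally we'd want a workflow to fail if the audit fails,
          # but we're only testing presentation here.
          cargo run \
            -- \
            --no-exit-codes \
            --format github \
            crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml

  test-plain-presentation:
    name: Test plain text presentation
    runs-on: ubuntu-latest
    if: contains(github.event.pull_request.labels.*.name, 'test-plain-presentation')
    # No token permissions: the job only builds zizmor and runs it on a
    # checked-in fixture.
    permissions: {}

    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Keep the token out of the checkout's git config.
          persist-credentials: false

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2

      - name: Run zizmor
        run: |
          # Normally we'd want a workflow to fail if the audit fails,
          # but we're only testing presentation here.
          cargo run \
            -- \
            --no-exit-codes \
            --format plain \
            crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml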