Skip to content

fix(ci): use jq --arg to correctly inject release date into manifest #5

fix(ci): use jq --arg to correctly inject release date into manifest

fix(ci): use jq --arg to correctly inject release date into manifest #5

Workflow file for this run

name: zizmor - GitHub Actions Security Analysis
on:
push:
pull_request:
permissions: {}
jobs:
zizmor:
name: Run zizmor
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- name: Run zizmor
uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
with:
# Fork PRs get a read-only token (no security-events: write), so the
# SARIF upload would fail. Skip it for forks — they still get inline
# annotations; pushes and same-repo PRs upload to code scanning.
advanced-security: ${{ github.event.pull_request.head.repo.fork != true }}