fix(ci): add security-events permission and action.yml to zizmor paths #218

Merged: jpr5 merged 1 commit into main from fix/zizmor-sarif-permissions on May 15, 2026
@jpr5 jpr5 commented May 15, 2026

Two fixes for the Zizmor workflow:

  1. Add security-events: write permission - The zizmor-action uploads SARIF results via codeql-action/upload-sarif, which requires this permission. Without it, every run fails with "Resource not accessible by integration" even when zizmor finds zero issues.

  2. Add action.yml to path triggers - The repo's composite action (action.yml) was only scanned on workflow_dispatch, not on push/PR changes.

The zizmor-action uploads SARIF results via codeql-action/upload-sarif,
which requires security-events: write. Without it, every run fails with
"Resource not accessible by integration" even when zizmor itself finds
zero issues.

Also add action.yml to the path trigger so the composite action is
scanned on changes (it was previously only scanned on workflow_dispatch).
@jpr5 jpr5 merged commit 6b3895e into main May 15, 2026
13 checks passed
@jpr5 jpr5 deleted the fix/zizmor-sarif-permissions branch May 15, 2026 18:49
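
The two changes described in this PR, shown as an added example that is not the repository's own workflow file. The workflow name, the `.github/workflows/**` path entry, the job name and the action pins are assumptions or placeholders; only `security-events: write` and the `action.yml` path entry come from the PR text.

```yaml
# Constructed example; not the workflow file from this repository.
name: zizmor

on:
  push:
    paths:
      - ".github/workflows/**"   # assumed pre-existing trigger
      - "action.yml"             # fix 2: scan the composite action when it changes
  pull_request:
    paths:
      - ".github/workflows/**"   # assumed pre-existing trigger
      - "action.yml"             # fix 2, mirrored for pull requests
  workflow_dispatch:             # manual runs, the only trigger that covered action.yml before

# Grant nothing at workflow level; each job asks for what it needs.
permissions: {}

jobs:
  zizmor:
    runs-on: ubuntu-latest
    permissions:
      contents: read           # check out the repository
      security-events: write   # fix 1: needed by codeql-action/upload-sarif
      # actions: read          # also needed by upload-sarif in private repositories
    steps:
      - uses: actions/checkout@<pinned-commit-sha>          # placeholder pin
        with:
          persist-credentials: false   # do not leave the token in .git/config
      # Without security-events: write, the SARIF upload performed by this step
      # fails with "Resource not accessible by integration".
      - uses: zizmorcore/zizmor-action@<pinned-commit-sha>  # placeholder pin
```

For pull requests from forks, GitHub issues a read-only token by default, so the permissions block alone does not make the upload succeed there.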