setup-java/.github/workflows/zizmor.yml
Bruno Borges 5f665f19f4 Fix indentation of if: in zizmor SARIF upload step
The `if:` key on the "Upload SARIF results to code scanning" step had no
indentation, producing invalid YAML ("Nested mappings are not allowed in
compact mappings"). This broke `npm run format-check` (prettier) in Basic
validation.

Indent `if:` to 8 spaces so it nests under the step alongside uses/with.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 15:16:53 -04:00

49 lines
1.2 KiB
YAML

name: Security analysis with zizmor
on:
push:
branches:
- main
- releases/*
paths-ignore:
- '**.md'
pull_request:
paths-ignore:
- '**.md'
workflow_dispatch:
permissions: {}
jobs:
zizmor:
name: Analyze workflows with zizmor
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write # to upload SARIF results to code scanning
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install zizmor
run: pip install zizmor
- name: Run zizmor
run: zizmor --format sarif .github/workflows/ > zizmor.sarif
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF results to code scanning
if: always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: zizmor.sarif
category: zizmor