Skip to content

Add GitHub Actions zizmor security workflow#2383

Merged
dartpain merged 1 commit intomainfrom
codex/add-zizmor-ci-configuration
Apr 14, 2026
Merged

Add GitHub Actions zizmor security workflow#2383
dartpain merged 1 commit intomainfrom
codex/add-zizmor-ci-configuration

Conversation

@dartpain
Copy link
Copy Markdown
Contributor

@dartpain dartpain commented Apr 14, 2026

Motivation

  • Add a repository-level security analysis workflow that runs Zizmor to produce SARIF results and surface them in GitHub's security view using the zizmorcore/zizmor-action.

Description

  • Add .github/workflows/zizmor.yml which runs on pushes to master and on all pull requests and defines a zizmor job on ubuntu-latest that grants security-events: write for SARIF upload, checks out the repo with a pinned actions/checkout SHA, and runs a pinned zizmorcore/zizmor-action.

Testing

  • No automated tests were run locally for this workflow change; the workflow will be exercised by GitHub Actions when a push to master or a pull request is created.

Codex Task

@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 14, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
nextra-docsgpt Building Building Preview, Comment Apr 14, 2026 4:56pm
oss-docsgpt Ready Ready Preview, Comment Apr 14, 2026 4:56pm

Request Review

@github-actions github-actions Bot added the github Github workflows label Apr 14, 2026
@github-advanced-security
Copy link
Copy Markdown
Contributor

github-advanced-security AI commented Apr 14, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@dartpain dartpain merged commit 2fed5c8 into main Apr 14, 2026
17 checks passed
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.65%. Comparing base (389ddf6) to head (aa938d7).
⚠️ Report is 15 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2383   +/-   ##
=======================================
  Coverage   91.65%   91.65%           
=======================================
  Files         220      220           
  Lines       18372    18372           
=======================================
  Hits        16839    16839           
  Misses       1533     1533

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex github Github workflows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dartpain @github-advanced-security