fix: only use zizmor config if it exists (#979)

jamesc-grafana · web-flow · commit 5793b5cefc13 · 2025-05-19T09:09:35.000Z
* fix: only use zizmor config if it exists

* implement suggestions

* implement suggestions

* address comments
diff --git a/.github/workflows/reusable-zizmor.yml b/.github/workflows/reusable-zizmor.yml
@@ -240,6 +240,7 @@ jobs:
       ZIZMOR_VERSION: 1.6.0
       GH_TOKEN: ${{ inputs.github-token || github.token }}
       ZIZMOR_EXTRA_ARGS: ${{ inputs.extra-args }}
+      DEFAULT_ZIZMOR_CONFIG_DOWNLOADED: ${{ needs.job-workflow-ref.outputs.sha }}
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
@@ -256,13 +257,14 @@ jobs:
       - name: Restore config from cache
         id: cache-config
         uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        if: env.DEFAULT_ZIZMOR_CONFIG_DOWNLOADED
         with:
           path: ${{ runner.temp }}/zizmor.yml
           key: zizmor-config-${{ needs.job-workflow-ref.outputs.repo }}-${{ needs.job-workflow-ref.outputs.sha }}
 
       - name: Fetch Zizmor Config
         id: fetch-config
-        if: steps.cache-config.outputs.cache-hit != 'true'
+        if: steps.cache-config.outputs.cache-hit != 'true' && env.DEFAULT_ZIZMOR_CONFIG_DOWNLOADED
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           OWNER: ${{ needs.job-workflow-ref.outputs.owner }}
@@ -349,7 +351,9 @@ jobs:
           fi
 
           ZIZMOR_CONFIG="${{ runner.temp }}/zizmor.yml"
-          echo "zizmor-config=${ZIZMOR_CONFIG}" | tee -a "${GITHUB_OUTPUT}"
+          if [ -n "${DEFAULT_ZIZMOR_CONFIG_DOWNLOADED}" ]; then
+            echo "zizmor-config=${ZIZMOR_CONFIG}" | tee -a "${GITHUB_OUTPUT}"
+          fi
 
       - name: Setup UV
         uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
