@@ -379,16 +379,18 @@ jobs:
379379 ZIZMOR_CONFIG : ${{ steps.setup-config.outputs.zizmor-config }}
380380 ZIZMOR_CACHE_DIR : ${{ runner.temp }}/.cache/zizmor
381381 shell : sh
382- run : >-
383- uvx zizmor@"${ZIZMOR_VERSION}"
384- --format sarif
385- --min-severity "${MIN_SEVERITY}"
386- --min-confidence "${MIN_CONFIDENCE}"
387- --cache-dir "${ZIZMOR_CACHE_DIR}"
388- ${ZIZMOR_CONFIG:+--config "${ZIZMOR_CONFIG}"}
389- ${RUNNER_DEBUG:+"--verbose"}
382+ run : |
383+ if [ -z "${ZIZMOR_CONFIG}" ]; then
384+ unset ZIZMOR_CONFIG
385+ fi
386+ uvx zizmor@"${ZIZMOR_VERSION}" \
387+ --format sarif \
388+ --min-severity "${MIN_SEVERITY}" \
389+ --min-confidence "${MIN_CONFIDENCE}" \
390+ --cache-dir "${ZIZMOR_CACHE_DIR}" \
391+ ${RUNNER_DEBUG:+"--verbose"} \
390392 ${ZIZMOR_EXTRA_ARGS:+${ZIZMOR_EXTRA_ARGS}}
391- .
393+ . \
392394 > results.sarif
393395
394396name : Upload artifact
@@ -419,13 +421,15 @@ jobs:
419421 # don't fail the build if zizmor fails - we want to capture the output
420422 # and the exit code
421423 set +e
424+ if [ -z "${ZIZMOR_CONFIG}" ]; then
425+ unset ZIZMOR_CONFIG
426+ fi
422427 uvx zizmor@"${ZIZMOR_VERSION}" \
423428 --format plain \
424429 --min-severity "${MIN_SEVERITY}" \
425430 --min-confidence "${MIN_CONFIDENCE}" \
426431 --cache-dir "${ZIZMOR_CACHE_DIR}" \
427432 ${RUNNER_DEBUG:+"--verbose"} \
428- ${ZIZMOR_CONFIG:+--config "${ZIZMOR_CONFIG}"} \
429433 ${ZIZMOR_EXTRA_ARGS:+${ZIZMOR_EXTRA_ARGS}} \
430434 . \
431435 | tee -a "${GITHUB_OUTPUT}"
0 commit comments