kevinjqliu commented on code in PR #15820:
URL: https://github.com/apache/iceberg/pull/15820#discussion_r3011705257
##########
.github/workflows/zizmor.yml:
##########
@@ -31,8 +31,7 @@ jobs:
zizmor:
name: Run zizmor 🌈
runs-on: ubuntu-latest
- permissions:
- security-events: write # Required for upload-sarif (used by
zizmor-action) to upload SARIF files.
+ permissions: {}
Review Comment:
yes, see https://github.com/apache/iceberg/pull/15820/files#r3006745722
zizmor's default behavior is to not error in CI and report to the "security"
tab via upload-sarif. We actually want zizmor to fail in CI during PR review so
disabling its `advanced-security` feature
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
