From 498fd81a0d98f1693b2fa9b7ede017eb9216ff87 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 15:50:07 +0000 Subject: [PATCH 1/3] Initial plan From 923d485f47c04c0ac217f58d5abc61df3e247db3 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 16:01:20 +0000 Subject: [PATCH 2/3] Add URL to zizmor error messages and verbose mode Docker command Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/cli/zizmor.go | 16 +++++++++++++++- pkg/cli/zizmor_test.go | 12 ++++++------ 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/pkg/cli/zizmor.go b/pkg/cli/zizmor.go index a80e9d5e2d..02b941a7c7 100644 --- a/pkg/cli/zizmor.go +++ b/pkg/cli/zizmor.go @@ -70,6 +70,13 @@ func runZizmorOnFile(lockFile string, verbose bool, strict bool) error { relPath, ) + // In verbose mode, show the command that users can run directly + if verbose { + dockerCmd := fmt.Sprintf("docker run --rm -v \"%s:/workdir\" -w /workdir ghcr.io/zizmorcore/zizmor:latest --format json %s", + gitRoot, relPath) + fmt.Fprintf(os.Stderr, "%s\n", console.FormatInfoMessage("Run zizmor directly: "+dockerCmd)) + } + // Capture output var stdout, stderr bytes.Buffer cmd.Stdout = &stdout @@ -190,6 +197,7 @@ func parseAndDisplayZizmorOutput(stdout, stderr string, verbose bool) (int, erro severity := finding.Determinations.Severity ident := finding.Ident desc := finding.Desc + url := finding.URL // Find the primary location (first location in the list) if len(finding.Locations) > 0 { @@ -219,6 +227,12 @@ func parseAndDisplayZizmorOutput(stdout, stderr string, verbose bool) (int, erro errorType = "error" } + // Build message with URL link if available + message := fmt.Sprintf("[%s] %s: %s", severity, ident, desc) + if url != "" { + message = fmt.Sprintf("%s (%s)", message, url) + } + // Create and format CompilerError compilerErr := console.CompilerError{ Position: console.ErrorPosition{ @@ -227,7 +241,7 @@ func parseAndDisplayZizmorOutput(stdout, stderr string, verbose bool) (int, erro Column: colNum, }, Type: errorType, - Message: fmt.Sprintf("[%s] %s: %s", severity, ident, desc), + Message: message, Context: context, } diff --git a/pkg/cli/zizmor_test.go b/pkg/cli/zizmor_test.go index 8a740fcb6c..e89e4828cb 100644 --- a/pkg/cli/zizmor_test.go +++ b/pkg/cli/zizmor_test.go @@ -50,7 +50,7 @@ func TestParseAndDisplayZizmorOutput(t *testing.T) { ]`, stderr: " INFO audit: zizmor: 🌈 completed ./.github/workflows/test.lock.yml\n", expectedOutput: []string{ - "./.github/workflows/test.lock.yml:7:5: warning: [Medium] excessive-permissions: overly broad permissions", + "./.github/workflows/test.lock.yml:7:5: warning: [Medium] excessive-permissions: overly broad permissions (https://docs.zizmor.sh/audits/#excessive-permissions)", }, expectError: false, }, @@ -116,8 +116,8 @@ func TestParseAndDisplayZizmorOutput(t *testing.T) { ]`, stderr: " INFO audit: zizmor: 🌈 completed ./.github/workflows/test.lock.yml\n", expectedOutput: []string{ - "./.github/workflows/test.lock.yml:7:5: warning: [Medium] excessive-permissions: overly broad permissions", - "./.github/workflows/test.lock.yml:12:24: error: [High] template-injection: template injection with untrusted input", + "./.github/workflows/test.lock.yml:7:5: warning: [Medium] excessive-permissions: overly broad permissions (https://docs.zizmor.sh/audits/#excessive-permissions)", + "./.github/workflows/test.lock.yml:12:24: error: [High] template-injection: template injection with untrusted input (https://docs.zizmor.sh/audits/#template-injection)", }, expectError: false, }, @@ -192,8 +192,8 @@ func TestParseAndDisplayZizmorOutput(t *testing.T) { ]`, stderr: " INFO audit: zizmor: 🌈 completed ./.github/workflows/test1.lock.yml\n INFO audit: zizmor: 🌈 completed ./.github/workflows/test2.lock.yml\n", expectedOutput: []string{ - "./.github/workflows/test1.lock.yml:7:5: warning: [Medium] excessive-permissions: overly broad permissions", - "./.github/workflows/test2.lock.yml:12:24: error: [High] template-injection: template injection with untrusted input", + "./.github/workflows/test1.lock.yml:7:5: warning: [Medium] excessive-permissions: overly broad permissions (https://docs.zizmor.sh/audits/#excessive-permissions)", + "./.github/workflows/test2.lock.yml:12:24: error: [High] template-injection: template injection with untrusted input (https://docs.zizmor.sh/audits/#template-injection)", }, expectError: false, }, @@ -249,7 +249,7 @@ func TestParseAndDisplayZizmorOutput(t *testing.T) { ]`, stderr: " INFO audit: zizmor: 🌈 completed ./.github/workflows/test.lock.yml\n", expectedOutput: []string{ - "./.github/workflows/test.lock.yml:7:5: warning: [Medium] excessive-permissions: overly broad permissions", + "./.github/workflows/test.lock.yml:7:5: warning: [Medium] excessive-permissions: overly broad permissions (https://docs.zizmor.sh/audits/#excessive-permissions)", }, expectError: false, }, From 9cfb8366b2e1f7b9bdef248bfc62419d23ea18de Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 16:09:38 +0000 Subject: [PATCH 3/3] Final validation complete - all tests passing Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/go.mod | 4 +--- docs/src/content/docs/reference/frontmatter-full.md | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/go.mod b/.github/workflows/go.mod index 0eed60d348..189adb4402 100644 --- a/.github/workflows/go.mod +++ b/.github/workflows/go.mod @@ -1,5 +1,3 @@ module github.com/githubnext/gh-aw-workflows-deps -go 1.21 -require ( -) +go 1.21 diff --git a/docs/src/content/docs/reference/frontmatter-full.md b/docs/src/content/docs/reference/frontmatter-full.md index 9895876378..624fe14170 100644 --- a/docs/src/content/docs/reference/frontmatter-full.md +++ b/docs/src/content/docs/reference/frontmatter-full.md @@ -526,8 +526,7 @@ on: # Time when workflow should stop running. Supports multiple formats: absolute # dates (YYYY-MM-DD HH:MM:SS, June 1 2025, 1st June 2025, 06/01/2025, etc.) or - # relative time deltas (+25h, +3d, +1d12h30m). Note: Minute-only units (e.g., +30m) - # are not allowed; use hours instead (e.g., +1h). + # relative time deltas (+25h, +3d, +1d12h30m) # (optional) stop-after: "example-value"