From 91f9d1986f8714b685ed639f879797fdb85dd157 Mon Sep 17 00:00:00 2001
From: Tobias Wochinger <tobias.wochinger@clickhouse.com>
Date: Thu, 21 May 2026 10:51:32 +0200
Subject: [PATCH] ci: adjust zizmor advanced security handling

---
 .github/workflows/zizmor.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index a9c3ad4..d838bda 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -15,7 +15,6 @@ permissions: {}
 jobs:
   zizmor:
     name: Check GitHub Actions security
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -28,4 +27,5 @@ jobs:
       - name: Run zizmor
         uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
         with:
-          advanced-security: true
+          advanced-security: ${{ github.event_name == 'push' && 'true' || 'false' }}
+          min-severity: low