woodruffw / zizmor

A tool for finding security issues in GitHub Actions setups.
https://woodruffw.github.io/zizmor/
MIT License
315 stars 16 forks

self-hosted-runner: false positive with static matrix #113

Open woodruffw opened 4 days ago

woodruffw commented 4 days ago

This is similar to #22, but with self-hosted-runner instead of template-injection.
Originally posted by @VorpalBlade in https://github.com/woodruffw/zizmor/issues/22#issuecomment-2453388681

woodruffw commented 4 days ago

To summarize what's happening here: we have some imprecision when looking at runs-on: ..., where ... is an expression (or a composite of expressions).

The most common kind of expression in that position is something like:

runs-on: ${{ matrix.os }}

i.e. one of the values of os in the expanded matrix.

In a case like that, what we want to do is (1) walk the possible expansions for matrix.os, and (2) only return a result here if any of them actually expand to self-hosted (or can't be fully solved, e.g. point to yet another expression).
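One way to implement the walk described above, as an added Python example that is not zizmor's own code (zizmor is written in Rust). It assumes the workflow has already been parsed into plain dicts and lists, treats each `include` entry as one extra configuration (a simplification of GitHub's merge semantics), and reports `self-hosted` only when a concrete expansion literally carries that label, `unresolved` when some expansion is still an expression, and `hosted` otherwise.

```python
import re
from itertools import product

# Matches a runs-on value that is exactly one matrix lookup, e.g. "${{ matrix.os }}".
MATRIX_EXPR = re.compile(r"^\s*\$\{\{\s*matrix\.([\w-]+)\s*\}\}\s*$")


def expand_matrix(matrix):
    """Expand strategy.matrix into concrete configurations.
    Assumption: each `include` entry is an extra configuration (GitHub actually
    merges includes into matching combinations); `exclude` entries are dropped."""
    axes = {k: v for k, v in matrix.items() if k not in ("include", "exclude")}
    combos = [dict(zip(axes, vals)) for vals in product(*axes.values())] if axes else []
    combos += [dict(entry) for entry in matrix.get("include", [])]
    excludes = matrix.get("exclude", [])
    return [c for c in combos
            if not any(all(c.get(k) == v for k, v in ex.items()) for ex in excludes)]


def classify_label(value):
    """True if a concrete runs-on value names a self-hosted runner, False if it is
    a hosted runner, None if it (still) contains an expression we cannot solve."""
    labels = value if isinstance(value, list) else [value]
    verdicts = []
    for label in labels:
        if not isinstance(label, str) or "${{" in label:
            return None
        verdicts.append(label.strip().lower() == "self-hosted")
    return any(verdicts)


def audit_runs_on(runs_on, matrix):
    """Return 'self-hosted', 'unresolved' or 'hosted' for one job's runs-on,
    walking every matrix expansion when runs-on is a single matrix expression."""
    if isinstance(runs_on, str) and (m := MATRIX_EXPR.match(runs_on)):
        candidates = [cfg.get(m.group(1)) for cfg in expand_matrix(matrix)]
    else:
        candidates = [runs_on]  # literal, list of labels, or a composite expression
    if not candidates:
        return "unresolved"     # matrix key never expands to anything concrete
    verdicts = [classify_label(c) for c in candidates]
    if any(v is True for v in verdicts):
        return "self-hosted"
    if any(v is None for v in verdicts):
        return "unresolved"
    return "hosted"


if __name__ == "__main__":
    # Constructed sample: the static-matrix shape from this issue; expected "hosted".
    print(audit_runs_on("${{ matrix.os }}", {"os": ["ubuntu-latest", "macos-latest"]}))
```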