github-actions-ensure-sha-pinned-actions
github-actions-ensure-sha-pinned-actions copied to clipboard
zgosalvez
A Github Action to ensure that actions are pinned to full length commit SHAs
Bumps [eslint](https://github.com/eslint/eslint) from 9.1.0 to 9.1.1. Release notes Sourced from eslint's releases. v9.1.1 Bug Fixes a26b402 fix: use @eslint/create-config latest (#18373) (唯然) Changelog Sourced from eslint's changelog. v9.1.1 - April...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Currently this action is hardcoded to only check workflow files: https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/blob/f32435541e24cd6a4700a7f52bb2ec59e80603b1/src/index.js#L14-L15 As "composite" actions can `uses: ` other actions, it would be nice to be able to use this action...
here's an example error that I got: ``` Error: actions/[email protected] is not pinned to a full length commit SHA. ``` Here's what I would like to get, if possible: ```...
Imagine if one has a "matrix" job which runs different checks for each workflow/action in your repository. Then it would be nice being able to use this action in a...
Hi, Thank you for this github action, it is very useful. At the moment, if I'm not mistaken, it only check the .github folder, but if we have some actions...
Bumps [eslint](https://github.com/eslint/eslint) from 9.6.0 to 9.7.0. Release notes Sourced from eslint's releases. v9.7.0 Features 7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630) (Yosuke Ota) 1381394 feat: add...
Previously only showed one problem per file fixes zgosalvez/github-actions-ensure-sha-pinned-actions#162
Using this version: ``` uses: zgosalvez/[email protected] ``` With these lines in among the steps of a workflow in .github/workflows ```yaml steps: - id: files uses: jitterbit/get-changed-files@v1 continue-on-error: true ... more...
Bumps [yaml](https://github.com/eemeli/yaml) from 2.5.0 to 2.5.1. Release notes Sourced from yaml's releases. v2.5.1 Include range in flow sequence pair maps (#573) Commits 5adbb60 2.5.1 29293c4 chore: Simplify Babel config, inlining...
Bumps [eslint](https://github.com/eslint/eslint) from 9.9.1 to 9.10.0. Release notes Sourced from eslint's releases. v9.10.0 Features 301b90d feat: Add types (#18854) (Nicholas C. Zakas) bcf0df5 feat: limit namespace import identifier in id-length...