github-actions-ensure-sha-pinned-actions
github-actions-ensure-sha-pinned-actions copied to clipboard
zgosalvez
A Github Action to ensure that actions are pinned to full length commit SHAs
Bumps [eslint](https://github.com/eslint/eslint) from 9.1.0 to 9.1.1. Release notes Sourced from eslint's releases. v9.1.1 Bug Fixes a26b402 fix: use @eslint/create-config latest (#18373) (唯然) Changelog Sourced from eslint's changelog. v9.1.1 - April...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Currently this action is hardcoded to only check workflow files: https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/blob/f32435541e24cd6a4700a7f52bb2ec59e80603b1/src/index.js#L14-L15 As "composite" actions can `uses: ` other actions, it would be nice to be able to use this action...
here's an example error that I got: ``` Error: actions/[email protected] is not pinned to a full length commit SHA. ``` Here's what I would like to get, if possible: ```...
Imagine if one has a "matrix" job which runs different checks for each workflow/action in your repository. Then it would be nice being able to use this action in a...
Hi, Thank you for this github action, it is very useful. At the moment, if I'm not mistaken, it only check the .github folder, but if we have some actions...
