github-actions-ensure-sha-pinned-actions icon indicating copy to clipboard operation
github-actions-ensure-sha-pinned-actions copied to clipboard

Published 20 hours ago verified publisher icon zgosalvez

Improvement suggestion: provide sha of tag in error message

Open pinkasey opened this issue 3 years ago • 3 comments

here's an example error that I got:

  Error: actions/[email protected] is not pinned to a full length commit SHA.

Here's what I would like to get, if possible:

  Error: actions/[email protected] is not pinned to a full length commit SHA. replace with: "actions/checkout@1e204e9a9253d643386038d443f96446fa156a97 #v2.3.5" verify here .
  .
  .
  Note: don't apply suggestions from this output without checking them first!

And have this link in verify here.

Something like that.

pinkasey avatar Oct 28 '21 14:10 pinkasey

And thanks for this awesome GH Action. I would've though GH would provide this themselves.

pinkasey avatar Oct 28 '21 14:10 pinkasey

@pinkasey Have you tried using Renovate, and having it make PRs for pinning it for you? See:

  • https://docs.renovatebot.com/modules/manager/github-actions/

Specifically, see helpers:pinGitHubActionDigests

MPV avatar Oct 11 '23 09:10 MPV

@pinkasey Have you tried using Renovate, and having it make PRs for pinning it for you? See:

* https://docs.renovatebot.com/modules/manager/github-actions/

Specifically, see helpers:pinGitHubActionDigests

That looks awesome, @MPV ! Thanks!!

pinkasey avatar Jan 02 '24 12:01 pinkasey