search

mheap / pin-github-action

Pin your GitHub actions to a specific hash
MIT License
73 stars 7 forks source link

`Unable to find SHA for someuser/somerepo@ v1.5.1` #151

Closed MPV closed 10 months ago

MPV commented 10 months ago

I have workflows using actions like this:

$ grep -rnih "create-github-app-token" .github/workflows
35:        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e # v1.5.1
104:        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e # v1.5.1
127:        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e # v1.5.1

i.e. I use the "pinning comment" format that Renovate uses/supports: https://docs.renovatebot.com/modules/manager/github-actions/#additional-information

But when I run this, it fails with:

$ npx pin-github-action -c ' # {ref}' .github/workflows/*
Unable to find SHA for actions/create-github-app-token@ v1.5.1

Any ideas what's wrong?

MPV commented 10 months ago

I see now that I used it incorrectly, as your readme recommended using it like this:

pin-github-action -c " {ref}" /path/to/workflow.yaml

It works slightly better now that I instead run: npx pin-github-action -c ' {ref}' .github/workflows/*

i.e:

-npx pin-github-action -c ' # {ref}' .github/workflows/*
+npx pin-github-action -c ' {ref}' .github/workflows/*