mheap / pin-github-action

Pin your GitHub actions to a specific hash
MIT License

Feature Request: add minor and patch version of action when pinning from major only #164

Closed meiao closed 4 months ago

meiao commented 4 months ago

When an action version is selected by the major version, the command will pin the latest hash for that major, but the comment does not indicate the minor/patch versions that it was pinned to.

For example:

- uses: actions/checkout@v4

turns into

- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4

But some time from now, it would be good to know if that is version 4.2.0 or 4.5.0. So the following would be desired.

- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4.1.4

mheap commented 4 months ago

Hey Andre. The pin@ line is used to know which ref to read when upgrading the pinned sha. If it includes the full version, the action will never be updated.

To find out which version a sha belongs to, visit the GitHub UI and look at the tags in the top box.

meiao commented 4 months ago

Right. We are using this as a one time only thing. So that would make sense for us.
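
The lookup discussed in this thread (which full version a pinned sha corresponds to) can also be done from a tag listing while leaving the `pin@v4` comment unchanged. This is an added example, not part of the thread or of pin-github-action's code; the tag listing is constructed sample data in `git ls-remote --tags` format, and `parsePinnedUses`, `tagsForSha` and `describePin` are hypothetical helper names.

```javascript
// Constructed sample in `git ls-remote --tags <repo-url>` format. Only the
// 0ad4b8f... SHA and the v4 / v4.1.4 names come from the thread; the rest is made up.
const SAMPLE_LS_REMOTE = [
  "1111111111111111111111111111111111111111\trefs/tags/v4.1.3",
  "2222222222222222222222222222222222222222\trefs/tags/v4.1.4", // annotated tag object
  "0ad4b8fadaa221de15dcec353f45205ec38ea70b\trefs/tags/v4.1.4^{}", // commit it peels to
  "0ad4b8fadaa221de15dcec353f45205ec38ea70b\trefs/tags/v4", // lightweight tag
].join("\n");

// Split a pinned workflow line into action, commit SHA and the ref named after "pin@".
function parsePinnedUses(line) {
  const m = /uses:\s*([^@\s]+)@([0-9a-f]{40})\s*#\s*pin@(\S+)/i.exec(line);
  return m ? { action: m[1], sha: m[2].toLowerCase(), updateRef: m[3] } : null;
}

// Return every tag whose commit is `sha`, most specific version first.
function tagsForSha(lsRemoteOutput, sha) {
  const commitByTag = new Map();
  for (const line of lsRemoteOutput.split("\n")) {
    const m = /^([0-9a-f]{40})\s+refs\/tags\/(.+?)(\^\{\})?$/.exec(line.trim());
    if (!m) continue;
    const [, objectSha, tag, peeled] = m;
    // For annotated tags the plain entry is the tag object, not the commit;
    // the peeled "^{}" entry carries the commit SHA, so it always wins.
    if (peeled || !commitByTag.has(tag)) commitByTag.set(tag, objectSha);
  }
  return [...commitByTag]
    .filter(([, commit]) => commit === sha.toLowerCase())
    .map(([tag]) => tag)
    .sort((a, b) => b.split(".").length - a.split(".").length);
}

// Report the exact version without touching the pin@ comment used for upgrades.
function describePin(line, lsRemoteOutput) {
  const pin = parsePinnedUses(line);
  if (!pin) return null;
  const tags = tagsForSha(lsRemoteOutput, pin.sha);
  return { ...pin, exactTag: tags[0] || null, allTags: tags };
}

console.log(describePin(
  "- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4",
  SAMPLE_LS_REMOTE
));
```

Tags can be moved after the fact, so the result describes what the tags pointed at when the listing was taken; the pinned sha itself stays fixed.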