sethvargo / ratchet

A tool for securing CI/CD workflows with version pinning.
Apache License 2.0
772 stars 32 forks

Feature Request - Have the version too in the workflow file #1

Closed vikas027 closed 2 years ago

vikas027 commented 2 years ago

Thanks for creating this @sethvargo.

I think it will be good to have the version too alongside the hash, something like below to easily know what version we are using.

uses: 'actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b' #v 3.0
# or
image: 'ubuntu@sha256:47f14534bda344d9fe6ffd6effb95eefe579f4be0d508b7445cf77f61a0e5724' #tag 20.04

sethvargo commented 2 years ago

Hi @vikas027 - it does that. Ratchet preserves the original version in a comment prefixed with "ratchet:":

- uses: 'actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b' # ratchet:actions/checkout@v3

Are you seeing something different?
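
A check for the convention described in the reply above, as an added example that is not part of the original thread and not ratchet's own code: it reads uses:/image: lines, verifies that each reference ends in a full commit SHA or sha256 digest, and recovers the original version from the "ratchet:" comment. The names Pin, ParsePin and Audit and both regular expressions are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pin is one reference found on a uses:/image: line.
type Pin struct {
	Ref      string // what the runner resolves, e.g. actions/checkout@<sha>
	Original string // value after "# ratchet:", empty when the comment is absent
	Pinned   bool   // Ref ends in a 40-hex commit SHA or a sha256 digest
}

// Assumed line shape: optional "- ", key, optionally quoted ref, optional comment.
var lineRe = regexp.MustCompile(`^\s*(?:-\s*)?(?:uses|image):\s*['"]?([^'"\s#]+)['"]?\s*(?:#\s*(?:ratchet:(\S+))?.*)?$`)
var pinRe = regexp.MustCompile(`@(?:[0-9a-f]{40}|sha256:[0-9a-f]{64})$`)

// ParsePin extracts the reference from one workflow line; ok is false for other lines.
func ParsePin(line string) (Pin, bool) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return Pin{}, false
	}
	return Pin{Ref: m[1], Original: m[2], Pinned: pinRe.MatchString(m[1])}, true
}

// Audit reports references that are mutable (tag or branch) or whose version is not recorded.
func Audit(lines []string) []string {
	var out []string
	for i, l := range lines {
		p, ok := ParsePin(l)
		switch {
		case !ok || strings.HasPrefix(p.Ref, "./"): // not a reference, or a local action
		case !p.Pinned:
			out = append(out, fmt.Sprintf("line %d: %s is not pinned to a digest", i+1, p.Ref))
		case p.Original == "":
			out = append(out, fmt.Sprintf("line %d: %s has no ratchet: comment", i+1, p.Ref))
		}
	}
	return out
}

func main() {
	// Constructed sample line, not taken from the thread.
	fmt.Println(strings.Join(Audit([]string{"- uses: actions/setup-go@v3"}), "\n"))
}
```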

vikas027 commented 2 years ago

Oh, it wasn't there in the README so I had assumed this feature is not there, my bad 😞 Shall I raise a PR to add an example, @sethvargo?

sethvargo commented 2 years ago

00d75a2..3a4dcd8