sethvargo / ratchet

A tool for securing CI/CD workflows with version pinning.
Apache License 2.0

github actions docker still not right #24

Closed sbe-arg closed 2 years ago

sbe-arg commented 2 years ago

TL;DR

Spent a few hours digging around without luck. When using:

      - name: ratchet
        uses: docker://ghcr.io/sethvargo/ratchet:0.2.2
        with:
          args: [ 'pin', 'file.yaml' ]

I get an error: A sequence was not expected invalid template

When using:

      - name: ratchet
        uses: docker://ghcr.io/sethvargo/ratchet:0.2.2
        with:
          args: "pin file.yaml"

Feels like making progress... but I get permission errors: failed to save file.yaml: failed to save file file.yaml: open .github/workflows/ratchet: permission denied

Have tried adding ACTIONS_TOKEN env: and several combinations but cannot get past the permission denied problem.

Expected behavior

Export/Save file.yaml back in runner so I can make a commit or pr or something.

Observed behavior

Documentation has not been tested and is misleading, as an array is not supported in uses: var:

Version

0.2.2

On what operating system are you using ratchet?

Linux

CI/CD workflow file

name: ratchet

on:

  workflow_dispatch:

jobs:

  ratchet:

    name: ratchet
    runs-on: ubuntu-20.04 # ratchet:exclude

    steps:

      - name: checkout-code
        uses: actions/checkout@v3 # ratchet:exclude
        with:
          fetch-depth: 0
          ref: ${{ github.head_ref }}

      - uses: docker://ghcr.io/sethvargo/ratchet:0.2.2
        with:
          args: "pin file.yaml"

Relevant log output

No response

Additional information

No response

sethvargo commented 2 years ago

I think it's because I'm customizing the user. Fixed in f287ee8c93bf83921d3a933550f5bcc4755df248, and I'll cut a new version later today or tomorrow.

https://docs.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user
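
A pre-release check for the cause diagnosed above, as an added example that is not part of this thread or of ratchet's code: the linked GitHub documentation says Docker actions must run as the default Docker user (root) and should not use the USER instruction, because otherwise GITHUB_WORKSPACE is not accessible. The script reports which user is in effect at the end of a Dockerfile's final stage, including one inherited from an earlier named stage. The function names and sample Dockerfiles are constructed for illustration.

```python
ROOT_USERS = {"root", "0"}

def logical_lines(text):
    """Yield instructions with backslash continuations joined and comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_stage_user(text):
    """Return the USER in effect at the end of the last stage, or None when the
    Dockerfile never sets one there (it then comes from the external base image)."""
    stage_user = {}              # stage alias -> USER at the end of that stage
    user, alias = None, None
    for line in logical_lines(text):
        parts = line.split()
        instr = parts[0].upper()
        if instr == "FROM":
            args = [p for p in parts[1:] if not p.startswith("--")]
            user = stage_user.get(args[0].lower())   # FROM <earlier stage> inherits its USER
            alias = args[2].lower() if len(args) >= 3 and args[1].upper() == "AS" else None
        elif instr == "USER" and len(parts) > 1:
            user = parts[1]
        if alias:
            stage_user[alias] = user
    return user

def runs_as_root(text):
    """True: root. False: non-root, workspace writes will fail. None: depends on base image."""
    user = final_stage_user(text)
    return None if user is None else user.split(":")[0] in ROOT_USERS

# Constructed sample Dockerfiles (assumptions, not ratchet's actual Dockerfile).
NONROOT_FINAL = 'FROM golang:1 AS build\nRUN go build -o /app .\nFROM scratch\nCOPY --from=build /app /app\nUSER nobody\n'
INHERITED = 'FROM alpine AS base\nUSER 65532:65532\nFROM base AS final\nENTRYPOINT ["/app"]\n'
BUILDER_ONLY = 'FROM golang:1 AS build\nUSER builder\nFROM scratch\nCOPY --from=build /app /app\n'
RESET_TO_ROOT = 'FROM alpine\nUSER app\nRUN true\nUSER \\\n  0:0\n'

if __name__ == "__main__":
    for name in ("NONROOT_FINAL", "INHERITED", "BUILDER_ONLY", "RESET_TO_ROOT"):
        print(name, "->", runs_as_root(globals()[name]))
```

A `False` result is the condition to fix before publishing an image meant for `uses: docker://...`; a `None` result means the base image's default user has to be checked separately.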

sbe-arg commented 2 years ago

Great!