search

sethvargo / ratchet

A tool for securing CI/CD workflows with version pinning.
Apache License 2.0
769 stars 32 forks source link

Allow pinning internal actions #60

Closed nitrocode closed 10 months ago

nitrocode commented 10 months ago

New issue?

TL;DR

For internal/private repos, pinning actions would be nice

✗ ratchet pin .github/workflows/snip.yml
failed to pin refs: 1 error occurred:
    * failed to resolve "actions://org/repo/snip/action.yml@snip-v1.0.1": failed to get commit sha: GET https://api.github.com/repos/org/repo/commits/snip-v1.0.1: 404 Not Found []

A workaround for myself is to use mheap/pin-github-action. I'd like to use ratchet since that's what I currently use for open source actions.

export GH_ADMIN_TOKEN=$(gh config get -h github.com oauth_token)
pin-github-action .github/workflows/snip.yml

Detailed design

See above

Additional information

See above

sethvargo commented 10 months ago

Hi @nitrocode what do you mean by "internal" action? Is this on a private GitHub Enterprise Server (behind the firewall), or is this a private repo on GitHub.com?

You should be able to do the same with ratchet:

export ACTIONS_TOKEN=$(gh config get -h github.com oauth_token)
ratchet ./
nitrocode commented 10 months ago

Oh I meant private repo on github.com.

I did not know I could use that env var. Thank you!