woodruffw / zizmor

A tool for finding security issues in GitHub Actions setups.
https://crates.io/crates/zizmor
MIT License
63 stars, 2 forks

Warn if the workflow itself is invalid #53

Open woodruffw opened 1 day ago

woodruffw commented 1 day ago

Per #51 -- sometimes people put settings directly on the `step:` body without a `with:` clause, which both doesn't affect GHA and also causes a confusing message from zizmor (since it complains about the same audit finding, but the "fix" is also visible in the render).

To improve this, we could warn if a Step body has keys other than the ones we expect. This probably needs to be done in github-actions-models and then propagated as an error here.
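As an added illustration of the proposed check (not zizmor's or github-actions-models' own code), the following walks an already-parsed workflow mapping and reports every step key that GitHub Actions does not recognise, so a `with:` value mistakenly placed on the step body is surfaced instead of silently ignored. The known-key list is taken from the GitHub workflow syntax documentation; the sample workflow is constructed for this example, and parsing the YAML into a dict (for instance with `yaml.safe_load`) is assumed to happen beforehand.

```python
"""Report step keys that GitHub Actions would silently ignore (constructed example)."""

# Keys GitHub Actions accepts on a job step, per the workflow syntax docs.
KNOWN_STEP_KEYS = frozenset({
    "id", "if", "name", "uses", "run", "working-directory", "shell",
    "with", "env", "continue-on-error", "timeout-minutes",
})


def unexpected_step_keys(workflow: dict) -> list[tuple[str, int, str]]:
    """Return (job_id, step_index, key) for each key GHA does not understand.

    `workflow` is the parsed workflow mapping (e.g. the result of yaml.safe_load).
    Unknown keys are the usual sign of a `with:` input placed one level too high.
    """
    findings = []
    for job_id, job in (workflow.get("jobs") or {}).items():
        for idx, step in enumerate((job or {}).get("steps") or []):
            if not isinstance(step, dict):
                continue  # malformed step; a schema check would flag this separately
            for key in step:
                if key not in KNOWN_STEP_KEYS:
                    findings.append((job_id, idx, str(key)))
    return findings


# Constructed workflow: in the first step `persist-credentials` sits on the
# step body instead of under `with:`, so GitHub Actions ignores it entirely.
# The second step is the correctly spelled equivalent.
SAMPLE_WORKFLOW = {
    "name": "ci",
    "on": "push",
    "jobs": {
        "build": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4", "persist-credentials": False},
                {"uses": "actions/checkout@v4", "with": {"persist-credentials": False}},
                {"name": "test", "run": "make test"},
            ],
        }
    },
}

if __name__ == "__main__":
    for job_id, idx, key in unexpected_step_keys(SAMPLE_WORKFLOW):
        print(f"jobs.{job_id}.steps[{idx}]: unexpected key {key!r} "
              "(did you mean to put it under `with:`?)")
```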