Per #51 -- sometimes people put settings directly on the step: body without a with: clause, which both doesn't affect GHA and also causes a confusing message from zizmor (since it complains about the same audit finding, but the "fix" is also visible in the render).
To improve this, we could warn if a Step body has keys other than the ones we expect. This probably needs to be done in github-actions-models and then propagated as an error here.
Per #51 -- sometimes people put settings directly on the
step:
body without awith:
clause, which both doesn't affect GHA and also causes a confusing message fromzizmor
(since it complains about the same audit finding, but the "fix" is also visible in the render).To improve this, we could warn if a
Step
body has keys other than the ones we expect. This probably needs to be done ingithub-actions-models
and then propagated as an error here.