MPV
commented
1 year ago For inspiration, see the RegEx that Renovate uses for finding GHA files:
{
"fileMatch": [
"^(workflow-templates|\\.(?:github|gitea|forgejo)/workflows)/[^/]+\\.ya?ml$",
"(^|/)action\\.ya?ml$"
]
}
Imagine if one has a "matrix" job which runs different checks for each workflow/action in your repository. Then it would be nice being able to use this action in a way where we pass/specify the exact path to the file(s) to check.
In the current implementation you're not allowed to pass your own glob string (path+file): https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/blob/f32435541e24cd6a4700a7f52bb2ec59e80603b1/src/index.js#L14-L15
There is the
ZG_WORKFLOWS_PATHoverride, but how does one use it?Also, there's still a hardcoded
*.ya?mlglob, which disallows picking a specific file one-by-one.