search

zgosalvez / github-actions-ensure-sha-pinned-actions

A Github Action to ensure that actions are pinned to full length commit SHAs
https://github.com/marketplace/actions/ensure-sha-pinned-actions
MIT License
37 stars 12 forks source link

Workflow file with multiple uses only shows first failure #162

Open leemeador opened 5 months ago

leemeador commented 5 months ago

Using this version:

        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@v3.0.7

With these lines in among the steps of a workflow in .github/workflows

    steps:
      - id: files
        uses: jitterbit/get-changed-files@v1
        continue-on-error: true

    ... more stuff here without any 'uses" steps ...

      - name: Checkout Repo
        uses: actions/checkout@v4.1.1

shows this error:

.github/workflows/the-workflow.yaml
  Error:  jitterbit/get-changed-files@v1 is not pinned to a full length commit SHA.

And there is no mention of the checkout without a sha

zgosalvez commented 5 months ago

The current behavior is by-design, so I'm labeling this issue as an enhancement.