google-github-actions/auth
1
0
Fork 0
mirror of https://github.com/google-github-actions/auth.git synced 2026-06-06 16:47:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

chore: warn if the action is pinned to HEAD (#99)

Browse source
This commit is contained in:
Seth Vargo 2021-12-29 12:58:41 -05:00 committed by GitHub
commit 419a2c3bfe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/main.ts
View file

@ -10,6 +10,7 @@ import {
setFailed,
setOutput,
setSecret,
warning as logWarning,
} from '@actions/core';
import {
errorMessage,
@ -35,10 +36,28 @@ const oidcWarning =
`GitHub Actions workflow permissions are incorrect, or this job is being ` +
`run from a fork. For more information, please see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token`;
const headWarning =
`google-github-actions/auth is pinned at HEAD. We strongly advise against ` +
`pinning to "@main" as it may be unstable. Please update your GitHub ` +
`Action YAML from:\n` +
`\n` +
` uses: 'google-github-actions/auth@main'\n` +
`\n` +
`to:\n` +
`\n` +
` uses: 'google-github-actions/auth@v0'\n` +
`\n` +
`Alternatively, you can pin to any git tag or git SHA in the repository.`;
/**
* Executes the main action, documented inline.
*/
async function run(): Promise<void> {
// Warn if pinned to HEAD
if (process.env.GITHUB_ACTION_REF == 'main') {
logWarning(headWarning);
}
try {
// Load configuration.
const projectID = getInput('project_id');