fix: danger pin check (#70)

* fix: danger pin check * chore: update changelog
getsentry · Feb 11, 2024 · a2914e2 · a2914e2
1 parent 3f3a3b4
commit a2914e2
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2.9.1
+
+### Fixes
+
+- Danger - fix pinned action check if the ref is at the end of the file ([#70](https://github.com/getsentry/github-workflows/pull/70))
+
 ## 2.9.0
 
 ### Fixes

diff --git a/danger/CONTRIBUTING.md b/danger/CONTRIBUTING.md
@@ -7,12 +7,13 @@
 
 ## TLDR
 
-```shell-script
-export DANGER_GITHUB_API_TOKEN='XXX'
-export DANGER_FAKE_CI="YEP"
-export DANGER_TEST_REPO='username/reponame'
+```pwsh
+$env:DANGER_GITHUB_API_TOKEN = gh auth token
+$env:DANGER_FAKE_CI = 'YEP'
+$env:DANGER_TEST_REPO = 'username/reponame'
+$env:DANGER_TEST_PR = 1234
+
 cd reponame
-export DANGER_TEST_PR='1234'
-git checkout branch-for-pr-1234
+gh pr checkout $env:DANGER_TEST_PR
 npx danger ci --text-only --failOnErrors --dangerfile=../github-workflows/danger/dangerfile.js
 ```
diff --git a/danger/dangerfile.js b/danger/dangerfile.js
@@ -146,7 +146,7 @@ async function checkActionsArePinned() {
 
   const usesRegex = /^\+? *uses:/;
   const usesActionRegex =
-    /^\+? *uses: *(?<user>[^\/]+)\/(?<action>[^@]+)@(?<ref>[^ ]*)/;
+    /^\+? *uses: *(?<user>[^\/]+)\/(?<action>[^@]+)@(?<ref>[^\s]+)/;
   const usesLocalRegex = /^\+? *uses: *\.\//; // e.g. 'uses: ./.github/actions/something'
   const shaRegex = /^[a-f0-9]{40}$/;
   const whitelistedUsers = ["getsentry", "actions", "github"];