From a2914e20764adb7fbbcba4c14f689e7ca65e2f6e Mon Sep 17 00:00:00 2001 From: Ivan Dlugos <6349682+vaind@users.noreply.github.com> Date: Sun, 11 Feb 2024 13:39:57 +0100 Subject: [PATCH] fix: danger pin check (#70) * fix: danger pin check * chore: update changelog --- CHANGELOG.md | 6 ++++++ danger/CONTRIBUTING.md | 13 +++++++------ danger/dangerfile.js | 2 +- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 440a483..52ff14f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2.9.1 + +### Fixes + +- Danger - fix pinned action check if the ref is at the end of the file ([#70](https://github.com/getsentry/github-workflows/pull/70)) + ## 2.9.0 ### Fixes diff --git a/danger/CONTRIBUTING.md b/danger/CONTRIBUTING.md index f8532b5..5bd26ee 100644 --- a/danger/CONTRIBUTING.md +++ b/danger/CONTRIBUTING.md @@ -7,12 +7,13 @@ ## TLDR -```shell-script -export DANGER_GITHUB_API_TOKEN='XXX' -export DANGER_FAKE_CI="YEP" -export DANGER_TEST_REPO='username/reponame' +```pwsh +$env:DANGER_GITHUB_API_TOKEN = gh auth token +$env:DANGER_FAKE_CI = 'YEP' +$env:DANGER_TEST_REPO = 'username/reponame' +$env:DANGER_TEST_PR = 1234 + cd reponame -export DANGER_TEST_PR='1234' -git checkout branch-for-pr-1234 +gh pr checkout $env:DANGER_TEST_PR npx danger ci --text-only --failOnErrors --dangerfile=../github-workflows/danger/dangerfile.js ``` diff --git a/danger/dangerfile.js b/danger/dangerfile.js index 3b39a3a..17a4b70 100644 --- a/danger/dangerfile.js +++ b/danger/dangerfile.js @@ -146,7 +146,7 @@ async function checkActionsArePinned() { const usesRegex = /^\+? *uses:/; const usesActionRegex = - /^\+? *uses: *(?[^\/]+)\/(?[^@]+)@(?[^ ]*)/; + /^\+? *uses: *(?[^\/]+)\/(?[^@]+)@(?[^\s]+)/; const usesLocalRegex = /^\+? *uses: *\.\//; // e.g. 'uses: ./.github/actions/something' const shaRegex = /^[a-f0-9]{40}$/; const whitelistedUsers = ["getsentry", "actions", "github"];