From df654fd487c3afdc94279e54427ddda99a777741 Mon Sep 17 00:00:00 2001
From: Ivan Dlugos <dlugos.ivan@gmail.com>
Date: Tue, 4 Oct 2022 11:20:08 +0200
Subject: [PATCH] fix: danger local action check

---
 CHANGELOG.md         |  6 ++++++
 danger/dangerfile.js | 14 +++++---------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3418de9..c729ca9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 ## Unreleased
 
+## 2.2.2
+
+### Fixes
+
+- Skip local actions when checking pinned actions in Danger ([#41](https://github.com/getsentry/github-workflows/pull/41))
+
 ## 2.2.1
 
 ### Fixes
diff --git a/danger/dangerfile.js b/danger/dangerfile.js
index fb77b70..2eb1eaa 100644
--- a/danger/dangerfile.js
+++ b/danger/dangerfile.js
@@ -134,6 +134,7 @@ async function checkActionsArePinned() {
   const usesRegex = /^\+? *uses:/;
   const usesActionRegex =
     /^\+? *uses: *(?<user>[^\/]+)\/(?<action>[^@]+)@(?<ref>[^ ]*)/;
+  const usesLocalRegex = /^\+? *uses: *\.\//; // e.g. 'uses: ./.github/actions/something'
   const shaRegex = /^[a-f0-9]{40}$/;
   const whitelistedUsers = ["getsentry", "actions"];
 
@@ -142,7 +143,8 @@ async function checkActionsArePinned() {
     for (const chunk of diff.chunks) {
       for (const change of chunk.changes) {
         if (change.add) {
-          const match = change.content.match(usesActionRegex);
+          const line = change.content;
+          const match = line.match(usesActionRegex);
           // Example of `match.groups`:
           // [Object: null prototype] {
           //   user: 'getsentry',
@@ -151,13 +153,7 @@ async function checkActionsArePinned() {
           // }
           if (match && match.groups) {
             if (!match.groups.ref.match(shaRegex)) {
-              if (whitelistedUsers.includes(match.groups.user)) {
-                message(
-                  "Consider pinning the action by specifying a commit SHA instead of a tag/branch.",
-                  path,
-                  change.ln
-                );
-              } else {
+              if (!whitelistedUsers.includes(match.groups.user)) {
                 fail(
                   "Please pin the action by specifying a commit SHA instead of a tag/branch.",
                   path,
@@ -165,7 +161,7 @@ async function checkActionsArePinned() {
                 );
               }
             }
-          } else if (change.content.match(usesRegex)) {
+          } else if (line.match(usesRegex) && !line.match(usesLocalRegex)) {
             warn(
               "Couldn't parse 'uses:' declaration while checking for action pinning.",
               path,