Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Releases can't be pinned to SHAs #23

Closed
evverx opened this issue Jun 23, 2022 · 3 comments
Closed

Releases can't be pinned to SHAs #23

evverx opened this issue Jun 23, 2022 · 3 comments

Comments

@evverx
Copy link

evverx commented Jun 23, 2022

When the action is pinned to a full SHA of a release (as recommended in https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) it fails with

2022-06-23T14:25:16.5848216Z ##[group]Run stefanbuck/github-issue-parser@fb73b92b5c4d283c3e9a198f2bb7dbbf6cf87079
2022-06-23T14:25:16.5848597Z with:
2022-06-23T14:25:16.5848885Z   template-path: .github/ISSUE_TEMPLATE/bug_report.yml
2022-06-23T14:25:16.5849185Z ##[endgroup]
2022-06-23T14:25:16.5973472Z ##[error]File not found: '/home/runner/work/_actions/stefanbuck/github-issue-parser/fb73b92b5c4d283c3e9a198f2bb7dbbf6cf87079/dist/index.js'
2022-06-23T14:25:16.6046545Z Post job cleanup.

To get it around it was pinned to fc06b2a. It kind of works but it isn't compatible with Dependabot in the sense that it can't update the action automatically because it follows releases usually.

cc @jamacku
@stefanbuck
Copy link
Owner

Thanks for sharing. The release is mainly handled by https://github.com/semantic-release/semantic-release, which generates the release. However the actual build is happening afterwards which then results in n this unpleasant state. I'll look into it

@stefanbuck
Copy link
Owner

Will work on this as part of the upcoming v3 release

stefanbuck added a commit that referenced this issue Sep 11, 2022
@stefanbuck
fix: Ensure releases can be pinned to SHAs #23
a1ce71f
stefanbuck added a commit that referenced this issue Sep 11, 2022
@stefanbuck
fix: Ensure releases can be pinned to SHAs #23 (#39)
428eec3
@stefanbuck
Copy link
Owner

Fixed in v2.0.4 and onwards. Thanks for making me aware of this issue.

mrc0mmand added a commit to mrc0mmand/systemd that referenced this issue Oct 1, 2022
@mrc0mmand
ci: pin stefanbuck/github-issue-parser to a tagged release
926cdf0 
Since [0] got resolved ([1]) we can finally pin the action to a tagged
release (v2.0.4 ATTOW) and let Dependabot to do its job by updating it
to the latest tagged release when it becomes available.

Replaces: systemd#24886

[0] stefanbuck/github-issue-parser#23
[1] stefanbuck/github-issue-parser#39
@mrc0mmand mrc0mmand mentioned this issue Oct 1, 2022
Merged
mrc0mmand added a commit to systemd/systemd that referenced this issue Oct 1, 2022
@mrc0mmand
ci: pin stefanbuck/github-issue-parser to a tagged release
f00fe51 
Since [0] got resolved ([1]) we can finally pin the action to a tagged
release (v2.0.4 ATTOW) and let Dependabot to do its job by updating it
to the latest tagged release when it becomes available.

Replaces: #24886

[0] stefanbuck/github-issue-parser#23
[1] stefanbuck/github-issue-parser#39
@stefanbuck stefanbuck mentioned this issue Oct 20, 2022
Merged
@joshjohanning joshjohanning mentioned this issue Oct 25, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stefanbuck @evverx