diff --git a/pkg/config/config.go b/pkg/config/config.go index 59ee54e..f72fa9d 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -24,6 +24,13 @@ type Exclude struct { StepID string `yaml:"step_id"` } +func (e *Exclude) FilePath() string { + if e.WorkflowFilePath != "" { + return e.WorkflowFilePath + } + return e.ActionFilePath +} + func Find(fs afero.Fs) string { for _, filePath := range []string{"ghalint.yaml", ".ghalint.yaml", "ghalint.yml", ".ghalint.yml"} { if _, err := fs.Stat(filePath); err == nil { diff --git a/pkg/policy/github_app_should_limit_permissions.go b/pkg/policy/github_app_should_limit_permissions.go index 74ad001..33cc848 100644 --- a/pkg/policy/github_app_should_limit_permissions.go +++ b/pkg/policy/github_app_should_limit_permissions.go @@ -66,7 +66,7 @@ func (p *GitHubAppShouldLimitPermissionsPolicy) excluded(excludes []*config.Excl if exclude.PolicyName != p.Name() { continue } - if exclude.WorkflowFilePath != filePath { + if exclude.FilePath() != filePath { continue } if jobName != "" { diff --git a/pkg/policy/github_app_should_limit_repositories.go b/pkg/policy/github_app_should_limit_repositories.go index 9de8af3..1655c93 100644 --- a/pkg/policy/github_app_should_limit_repositories.go +++ b/pkg/policy/github_app_should_limit_repositories.go @@ -72,7 +72,7 @@ func (p *GitHubAppShouldLimitRepositoriesPolicy) excluded(cfg *config.Config, st if exclude.PolicyName != p.Name() { continue } - if exclude.WorkflowFilePath != stepCtx.FilePath { + if exclude.FilePath() != stepCtx.FilePath { continue } if stepCtx.Job != nil && exclude.JobName != stepCtx.Job.Name { diff --git a/pkg/policy/github_app_should_limit_repositories_test.go b/pkg/policy/github_app_should_limit_repositories_test.go index dccc9e5..8b955f8 100644 --- a/pkg/policy/github_app_should_limit_repositories_test.go +++ b/pkg/policy/github_app_should_limit_repositories_test.go @@ -114,6 +114,29 @@ func TestGitHubAppShouldLimitRepositoriesPolicy_ApplyStep(t *testing.T) { //noli }, }, }, + { + name: "exclude action", + cfg: &config.Config{ + Excludes: []*config.Exclude{ + { + PolicyName: "github_app_should_limit_repositories", + ActionFilePath: "foo/action.yaml", + StepID: "token", + }, + }, + }, + stepCtx: &policy.StepContext{ + FilePath: "foo/action.yaml", + }, + step: &workflow.Step{ + Uses: "tibdex/github-app-token@v2", + ID: "token", + With: map[string]string{ + "app_id": "xxx", + "private_key": "xxx", + }, + }, + }, } p := &policy.GitHubAppShouldLimitRepositoriesPolicy{} logE := logrus.NewEntry(logrus.New())