From 07fbae0411f318db576cf25af877e7c438640f94 Mon Sep 17 00:00:00 2001
From: Shunsuke Suzuki
Date: Sat, 8 Jun 2024 18:09:21 +0900
Subject: [PATCH 1/2] fix(run-action): fix a bug that github_app_should_limit_repositories can't be excluded
---
 pkg/config/config.go | 7 +++++++
 pkg/policy/github_app_should_limit_permissions.go | 2 +-
 pkg/policy/github_app_should_limit_repositories.go | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 59ee54e..f72fa9d 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -24,6 +24,13 @@ type Exclude struct {
 StepID string `yaml:"step_id"`
 }
 
+func (e *Exclude) FilePath() string {
+ if e.WorkflowFilePath != "" {
+ return e.WorkflowFilePath
+ }
+ return e.ActionFilePath
+}
+
 func Find(fs afero.Fs) string {
 for _, filePath := range []string{"ghalint.yaml", ".ghalint.yaml", "ghalint.yml", ".ghalint.yml"} {
 if _, err := fs.Stat(filePath); err == nil {
diff --git a/pkg/policy/github_app_should_limit_permissions.go b/pkg/policy/github_app_should_limit_permissions.go
index 74ad001..33cc848 100644
--- a/pkg/policy/github_app_should_limit_permissions.go
+++ b/pkg/policy/github_app_should_limit_permissions.go
@@ -66,7 +66,7 @@ func (p *GitHubAppShouldLimitPermissionsPolicy) excluded(excludes []*config.Excl
 if exclude.PolicyName != p.Name() {
 continue
 }
- if exclude.WorkflowFilePath != filePath {
+ if exclude.FilePath() != filePath {
 continue
 }
 if jobName != "" {
diff --git a/pkg/policy/github_app_should_limit_repositories.go b/pkg/policy/github_app_should_limit_repositories.go
index 9de8af3..1655c93 100644
--- a/pkg/policy/github_app_should_limit_repositories.go
+++ b/pkg/policy/github_app_should_limit_repositories.go
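Review bot: `Exclude.FilePath()` in pkg/config/config.go is exported without a doc comment, and it silently prefers `WorkflowFilePath` when an entry sets both path fields. Each exclude entry switches off a security policy for the file it names, so the precedence should be stated where it is decided, for example `// FilePath returns WorkflowFilePath if set, otherwise ActionFilePath.` If config validation (not visible in this patch) does not already reject an entry that sets both fields or neither, that would be the place to turn the ambiguity into an error.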
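Review bot: The `exclude.FilePath()` comparison in `GitHubAppShouldLimitPermissionsPolicy.excluded` changes which exclude entries suppress this policy, yet the series adds a test only for the repositories policy (patch 2/2 touches a single test file). A case mirroring "exclude action" for github_app_should_limit_permissions would pin that an `ActionFilePath` entry matches here as well. The body of `excluded` continues past the hunk at `if jobName != "" {`, so how the remaining fields are matched when no job name is present cannot be checked from this hunk.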
@@ -72,7 +72,7 @@ func (p *GitHubAppShouldLimitRepositoriesPolicy) excluded(cfg *config.Config, st
 if exclude.PolicyName != p.Name() {
 continue
 }
- if exclude.WorkflowFilePath != stepCtx.FilePath {
+ if exclude.FilePath() != stepCtx.FilePath {
 continue
 }
 if stepCtx.Job != nil && exclude.JobName != stepCtx.Job.Name {
From 6b8917db3543b52f097ad08c1fe5ac4c4ba24dfd Mon Sep 17 00:00:00 2001
From: Shunsuke Suzuki
Date: Sat, 8 Jun 2024 18:15:56 +0900
Subject: [PATCH 2/2] test: add a test case
---
 ...thub_app_should_limit_repositories_test.go | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/pkg/policy/github_app_should_limit_repositories_test.go b/pkg/policy/github_app_should_limit_repositories_test.go
index dccc9e5..8b955f8 100644
--- a/pkg/policy/github_app_should_limit_repositories_test.go
+++ b/pkg/policy/github_app_should_limit_repositories_test.go
@@ -114,6 +114,29 @@ func TestGitHubAppShouldLimitRepositoriesPolicy_ApplyStep(t *testing.T) { //noli
 },
 },
 },
+ {
+ name: "exclude action",
+ cfg: &config.Config{
+ Excludes: []*config.Exclude{
+ {
+ PolicyName: "github_app_should_limit_repositories",
+ ActionFilePath: "foo/action.yaml",
+ StepID: "token",
+ },
+ },
+ },
+ stepCtx: &policy.StepContext{
+ FilePath: "foo/action.yaml",
+ },
+ step: &workflow.Step{
+ Uses: "tibdex/github-app-token@v2",
+ ID: "token",
+ With: map[string]string{
+ "app_id": "xxx",
+ "private_key": "xxx",
+ },
+ },
+ },
 }
 p := &policy.GitHubAppShouldLimitRepositoriesPolicy{}
 logE := logrus.NewEntry(logrus.New())
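Review bot: The "exclude action" case in `TestGitHubAppShouldLimitRepositoriesPolicy_ApplyStep` covers only the matching path, so it would still pass if the exclusion matched too broadly. An exclude entry suppresses a finding about GitHub App token scope, so a companion case is worth adding: the same step with a different `ActionFilePath` (or a different `StepID`) in the entry, expecting the policy to report. The rest of the table is outside the hunk and may already cover part of this for workflow files.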