Tests valid uses (#127)

* Update valid.yaml * Fixes conditions * Fixes previous commit
zgosalvez · Nov 2, 2023 · edc259d · edc259d
1 parent 4253c18
commit edc259d
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 48 deletions.
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/index.js b/src/index.js
@@ -31,27 +31,21 @@ async function run() {
       for (const job in jobs) {
         const uses = jobs[job]['uses'];
         const steps = jobs[job]['steps'];
+        let jobHasError = false;
 
-        if (assertUsesVersion(uses)) {
-          if (!assertUsesSha(uses) && !assertUsesAllowlist(uses, allowlist)) {
-            actionHasError = true;
-            fileHasError = true;
-
-            reportError(`${uses} is not pinned to a full length commit SHA.`, isDryRun);
-          }
+        if (uses !== undefined) {
+          jobHasError = runAssertions(uses, allowlist, isDryRun);
         } else if (steps !== undefined) {
           for (const step of steps) {
-            const uses = step['uses'];
-
-            if (assertUsesVersion(uses) && !assertUsesSha(uses) && !assertUsesAllowlist(uses, allowlist)) {
-              actionHasError = true;
-              fileHasError = true;
-
-              reportError(`${uses} is not pinned to a full length commit SHA.`, isDryRun);
-            }
+            jobHasError = runAssertions(step['uses'], allowlist, isDryRun);
           }
         } else {
-          core.warning(`The "${job}" job of the "${basename}" workflow does not contain uses or steps.`);
+          core.warning(`The "${job}" job of the "${basename}" workflow does not contain uses or steps.`);  
+        }
+
+        if (jobHasError) {
+          actionHasError = true;
+          fileHasError = true;
         }
       }
 
@@ -99,10 +93,18 @@ function assertUsesAllowlist(uses, allowlist) {
   return isAllowed;
 }
 
-function reportError(message, isDryRun) {
-  if (isDryRun) {
-    core.warning(message);
-  } else {
-    core.error(message);
+function runAssertions(uses, allowlist, isDryRun) {
+  const hasError = assertUsesVersion(uses) && !assertUsesSha(uses) && !assertUsesAllowlist(uses, allowlist);
+
+  if (hasError) {
+    const message = `${uses} is not pinned to a full length commit SHA.`;
+
+    if (isDryRun) {
+      core.warning(message);
+    } else {
+      core.error(message);
+    }
   }
-}
+
+  return hasError;
+}
diff --git a/test/pass.test.js b/test/pass.test.js
@@ -18,11 +18,15 @@ jest.afterEach(() => {
 });
 
 jest.test('actions pass', () => {
-    try {
-        const result = execSync(`node ${ip}`, { env: process.env }).toString();
+    let result;
 
-        jest.expect(result).toContain('No issues were found.');
+    try {
+        result = execSync(`node ${ip}`, { env: process.env }).toString();
     } catch (error) {
         throw Error(error.stdout.toString());
     }
+
+    jest.expect(result).not.toContain('::warning::');
+    jest.expect(result).not.toContain('::error::');
+    jest.expect(result).toContain('No issues were found.');
 });
diff --git a/test/stub/pass/valid.yaml b/test/stub/pass/valid.yaml
@@ -1,7 +1,11 @@
 jobs:
+  usesversionedstub:
+    uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
   versionedstub:
     steps:
     - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+  usesunversionedstub:
+    uses: ./.github/actions/playground
   unversionedstub:
     steps:
     - uses: ./.github/actions/playground