The latest articles on Forem by maork-elementor (@maorkelementor). https://forem.com/maorkelementor https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F930553%2F7c719d1a-c1ec-4992-9296-33a373015c0d.png https://forem.com/maorkelementor en maork-elementor Sun, 05 Mar 2023 09:23:17 +0000 https://forem.com/maorkelementor/uses-sentinel-1if0 https://forem.com/maorkelementor/uses-sentinel-1if0 <h2> Uses Sentinel </h2> <p>Uses Sentinel is a GitHub action that scans all <code>.yml</code> files in the <code>.github/workflows</code> directory of a GitHub repository and performs two checks on the <code>uses</code> fields in the YAML files:</p> <ol> <li><p>Checks if any <code>uses</code> field contains the version <code>main</code>, <code>master</code>, or <code>latest</code>, which are considered unsafe versions to use. If a <code>uses</code> field contains any of these versions, a warning message is printed to the console.</p></li> <li><p>Checks if the <code>uses</code> field references the latest version of the action by checking the GitHub repository's tags. If the <code>uses</code> field does not reference the latest version, a warning message is printed to the console.</p></li> </ol> <p>Uses Sentinel is written in Bash only and has no dependencies.</p> <h2> Usage </h2> <p>To use Uses Sentinel in your GitHub repository, create a new workflow file (e.g., <code>.github/workflows/uses-sentinel.yml</code>) with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Uses Sentinel</span> <span class="na">on</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">pull_request</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">uses-sentinel</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Uses Sentinel</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">maork-elementor/uses-sentinel@1.0.0</span> </code></pre> </div> <ul> <li>This will run Uses Sentinel on every pull request in your repository.</li> </ul> <h2> Inputs </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">jobs</span><span class="pi">:</span> <span class="na">uses-sentinel</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Uses Sentinel</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">maork-elementor/uses-sentinel@1.0.0</span> <span class="na">with</span><span class="pi">:</span> <span class="s">exlude:'exlude.yml,exlude2.yml,exlude3.yml'</span> </code></pre> </div> <p>exlude - list of files to exlude from the scan</p> <h2> Output Example </h2> <p>Here's an example output from Uses Sentinel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Some actions are not safe to use or not updated Bad versions: yml: ./.github/workflows/ci.yml, use: actions/checkout@main version: main, It not safe to use main, master or latest Not updated actions: yml: ./.github/workflows/ci.yml, use: actions/setup-node@v1 current version: v1.0.0, latest version: v2.1.4 </code></pre> </div> <p>This output indicates that the .github/workflows/ci.yml file contains an unsafe version (main) of the actions/checkout action and an outdated version (v1.0.0) of the actions/setup-node action.</p> <p>License<br> Uses Sentinel is released under the MIT License.</p> <p>Repo: <a href="https://github.com/maork-elementor/uses-sentinel/">https://github.com/maork-elementor/uses-sentinel/</a></p> github workflow bash actionshackathon