Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package pinact for openSUSE:Factory checked in at 2026-05-16 19:25:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pinact (Old)
 and      /work/SRC/openSUSE:Factory/.pinact.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pinact" Sat May 16 19:25:56 2026 rev:11 rq:1353497 version:3.10.1 Changes: -------- --- /work/SRC/openSUSE:Factory/pinact/pinact.changes 2026-05-13 17:25:01.117428789 +0200 +++ /work/SRC/openSUSE:Factory/.pinact.new.1966/pinact.changes 2026-05-16 19:27:05.696355143 +0200 @@ -1,0 +2,13 @@ +Sat May 16 06:16:32 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 3.10.1: + * Bug Fixes + - #1535 pin uses lines with multiple spaces after the YAML list + dash + * Dependencies + - chore(deps): update dependency aquaproj/aqua-registry to + v4.512.0 (#1533) + - chore(deps): update dependency suzuki-shunsuke/pinact to + v3.10.0 (#1532) + +------------------------------------------------------------------- Old: ---- pinact-3.10.0.obscpio New: ---- pinact-3.10.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pinact.spec ++++++ --- /var/tmp/diff_new_pack.nX1u2g/_old 2026-05-16 19:27:06.916405168 +0200 +++ /var/tmp/diff_new_pack.nX1u2g/_new 2026-05-16 19:27:06.920405332 +0200 @@ -17,7 +17,7 @@ Name: pinact -Version: 3.10.0 +Version: 3.10.1 Release: 0 Summary: CLI to edit GitHub Workflows and pin versions of Actions and Reusable Workflows License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.nX1u2g/_old 2026-05-16 19:27:06.956406808 +0200 +++ /var/tmp/diff_new_pack.nX1u2g/_new 2026-05-16 19:27:06.964407136 +0200 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/suzuki-shunsuke/pinact.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">refs/tags/v3.10.0</param> + <param name="revision">refs/tags/v3.10.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.nX1u2g/_old 2026-05-16 19:27:06.992408284 +0200 +++ /var/tmp/diff_new_pack.nX1u2g/_new 2026-05-16 19:27:07.000408612 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/suzuki-shunsuke/pinact.git</param> - <param name="changesrevision">fd95c7317488e35c8e642cb7bf51edbf5dbb5ce4</param></service></servicedata> + <param name="changesrevision">9ef46dc5d3e9b2c6873861cc75a27802ea8850aa</param></service></servicedata> (No newline at EOF) ++++++ pinact-3.10.0.obscpio -> pinact-3.10.1.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/USAGE.md new/pinact-3.10.1/USAGE.md --- old/pinact-3.10.0/USAGE.md 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/USAGE.md 2026-05-15 07:00:08.000000000 +0200 @@ -11,7 +11,7 @@ pinact [global options] [command [command options]] VERSION: - 3.9.2 + 3.10.0 COMMANDS: init Create .pinact.yaml if it doesn't exist @@ -37,7 +37,7 @@ pinact init - Create .pinact.yaml if it doesn't exist USAGE: - pinact init + pinact init [options] DESCRIPTION: Create .pinact.yaml if it doesn't exist @@ -53,6 +53,10 @@ OPTIONS: --help, -h show help + +GLOBAL OPTIONS: + --log-level string log level [$PINACT_LOG_LEVEL] + --config string, -c string configuration file path [$PINACT_CONFIG] ``` ## pinact run 
@@ -63,7 +67,7 @@ pinact run - Pin GitHub Actions versions USAGE: - pinact run [arguments...] + pinact run [options] [files ...] DESCRIPTION: If no argument is passed, pinact searches GitHub Actions workflow files from .github/workflows. @@ -91,9 +95,14 @@ --pr int GitHub pull request number (default: 0) --include string, -i string [ --include string, -i string ] A regular expression to fix actions --exclude string, -e string [ --exclude string, -e string ] A regular expression to exclude actions - --min-age int, -m int Skip versions released within the specified number of days (requires -u) (default: 0) [$PINACT_MIN_AGE] + --branch-to-tag string [ --branch-to-tag string ] A regular expression to convert non-semver versions (e.g. branch names) to the latest stable tag. Anchor with ^$ for exact match + --min-age int, -m int Skip versions released within the specified number of days (requires -u or --branch-to-tag) (default: 0) [$PINACT_MIN_AGE] --separator string, --sep string Separator between version and tag comment --help, -h show help + +GLOBAL OPTIONS: + --log-level string log level [$PINACT_LOG_LEVEL] + --config string, -c string configuration file path [$PINACT_CONFIG] ``` ## pinact migrate @@ -104,7 +113,7 @@ pinact migrate - Migrate .pinact.yaml USAGE: - pinact migrate + pinact migrate [options] DESCRIPTION: Migrate the version of .pinact.yaml @@ -114,6 +123,10 @@ OPTIONS: --help, -h show help + +GLOBAL OPTIONS: + --log-level string log level [$PINACT_LOG_LEVEL] + --config string, -c string configuration file path [$PINACT_CONFIG] ``` ## pinact token @@ -145,7 +158,7 @@ pinact token set - Set GitHub Access token USAGE: - pinact token set + pinact token set [options] DESCRIPTION: Set GitHub Access token to keyring. 
@@ -153,6 +166,10 @@ OPTIONS: --stdin Read GitHub Access token from stdin --help, -h show help + +GLOBAL OPTIONS: + --log-level string log level [$PINACT_LOG_LEVEL] + --config string, -c string configuration file path [$PINACT_CONFIG] ``` ### token remove @@ -163,13 +180,17 @@ pinact token remove - Remove GitHub Access token USAGE: - pinact token remove + pinact token remove [options] DESCRIPTION: Remove GitHub Access token from keyring. OPTIONS: --help, -h show help + +GLOBAL OPTIONS: + --log-level string log level [$PINACT_LOG_LEVEL] + --config string, -c string configuration file path [$PINACT_CONFIG] ``` ## pinact version @@ -180,11 +201,15 @@ pinact version - Show version USAGE: - pinact version + pinact version [options] OPTIONS: --json, -j Output version in JSON format --help, -h show help + +GLOBAL OPTIONS: + --log-level string log level [$PINACT_LOG_LEVEL] + --config string, -c string configuration file path [$PINACT_CONFIG] ``` ## pinact completion @@ -195,7 +220,7 @@ pinact completion - Output shell completion script for bash, zsh, fish, or Powershell USAGE: - pinact completion + pinact completion [options] DESCRIPTION: Output shell completion script for bash, zsh, fish, or Powershell. @@ -216,4 +241,8 @@ OPTIONS: --help, -h show help + +GLOBAL OPTIONS: + --log-level string log level [$PINACT_LOG_LEVEL] + --config string, -c string configuration file path [$PINACT_CONFIG] ``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/aqua/aqua-checksums.json new/pinact-3.10.1/aqua/aqua-checksums.json --- old/pinact-3.10.0/aqua/aqua-checksums.json 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/aqua/aqua-checksums.json 2026-05-15 07:00:08.000000000 +0200 
@@ -306,38 +306,38 @@ "algorithm": "sha256" }, { - "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.9.2/pinact_darwin_amd64.tar.gz", - "checksum": "5FACBCD8CD4E20FB88C4EF3ACE9C54B7D295735563634EF4373694CD286BE67A", + "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.10.0/pinact_darwin_amd64.tar.gz", + "checksum": "5B68B8343E83DBB8971C79386367BACAFA9A259E56E0188B45C55887D29878E5", "algorithm": "sha256" }, { - "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.9.2/pinact_darwin_arm64.tar.gz", - "checksum": "4A6B481B16B7BB67153F96AAF60CBE61D3A739BDCE35B1CB3FD3DE5372F58C31", + "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.10.0/pinact_darwin_arm64.tar.gz", + "checksum": "2E7FB2295D2DF9BB1113B48F18D1AF9222B6B809C9407A4DBEEEBA420EBB050F", "algorithm": "sha256" }, { - "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.9.2/pinact_linux_amd64.tar.gz", - "checksum": "6ADCC8A2217E4114E0841F8BCA0CDDF9958A9C52E3E89760C35B791CDBA1A916", + "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.10.0/pinact_linux_amd64.tar.gz", + "checksum": "89DF727E7315E62F79AA865A98216AE60CA8D8CB5D7BCF6F78B6FDC4C44F4A46", "algorithm": "sha256" }, { - "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.9.2/pinact_linux_arm64.tar.gz", - "checksum": "468BF7AFD0F22B30ECB17FCF02F76D8B5C3BCA59BB85A29017D7DAEBDE96B33F", + "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.10.0/pinact_linux_arm64.tar.gz", + "checksum": "E9659CAB46DDC904BBCD19BB91266C32864D75EECAA683B5DDBED17B93A82188", "algorithm": "sha256" }, { - "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.9.2/pinact_windows_amd64.zip", - "checksum": "A7F82E352EB4F706ADDFB864A7C4853F34BDCFC604EBEF8733ADECBBBACAAEEF", + "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.10.0/pinact_windows_amd64.zip", + "checksum": "0FB39A543A4D8E6D08CC4C7CB414A2B4E03C448E5AEF50085EA581BFFC1DB3B2", "algorithm": "sha256" }, { - "id": 
"github_release/github.com/suzuki-shunsuke/pinact/v3.9.2/pinact_windows_arm64.zip", - "checksum": "654FB709F95755202C0C85354217F0A6E56721136B4841B2FCE9B9D568843DE5", + "id": "github_release/github.com/suzuki-shunsuke/pinact/v3.10.0/pinact_windows_arm64.zip", + "checksum": "BD872B369C53F1A8848B68E53180FF72DEF1EC09E053F8ABF71ED5006962554F", "algorithm": "sha256" }, { - "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.511.1/registry.yaml", - "checksum": "33D883B97452563CFD072B26E4ACD0A25A21B7654BC271D110792835F9AA096F", + "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.512.0/registry.yaml", + "checksum": "657A577A3B564A694887D9B6F848737DFCC298DE46ECD42DA01F033697C8C47D", "algorithm": "sha256" } ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/aqua/aqua.yaml new/pinact-3.10.1/aqua/aqua.yaml --- old/pinact-3.10.0/aqua/aqua.yaml 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/aqua/aqua.yaml 2026-05-15 07:00:08.000000000 +0200 @@ -7,5 +7,5 @@ require_checksum: true registries: - type: standard - ref: v4.511.1 # renovate: depName=aquaproj/aqua-registry + ref: v4.512.0 # renovate: depName=aquaproj/aqua-registry import_dir: imports diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/aqua/imports/pinact.yaml new/pinact-3.10.1/aqua/imports/pinact.yaml --- old/pinact-3.10.0/aqua/imports/pinact.yaml 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/aqua/imports/pinact.yaml 2026-05-15 07:00:08.000000000 +0200 
@@ -1,2 +1,2 @@ packages: - - name: suzuki-shunsuke/[email protected] + - name: suzuki-shunsuke/[email protected] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/pkg/controller/run/parse_line.go new/pinact-3.10.1/pkg/controller/run/parse_line.go --- old/pinact-3.10.0/pkg/controller/run/parse_line.go 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/pkg/controller/run/parse_line.go 2026-05-15 07:00:08.000000000 +0200 @@ -14,7 +14,7 @@ ) var ( - usesPattern = regexp.MustCompile(`^( *(?:- )?['"]?uses['"]? *: +)(['"]?)(.*?)@([^ '"]+)['"]?(?:( +# +(?:tag=)?)(v?\d+[^ ]*)(.*))?`) + usesPattern = regexp.MustCompile(`^( *(?:- +)?['"]?uses['"]? *: +)(['"]?)(.*?)@([^ '"]+)['"]?(?:( +# +(?:tag=)?)(v?\d+[^ ]*)(.*))?`) fullCommitSHAPattern = regexp.MustCompile(`\b[0-9a-f]{40}\b`) semverPattern = regexp.MustCompile(`^v?\d+\.\d+\.\d+[^ ]*$`) shortTagPattern = regexp.MustCompile(`^v?\d+(\.\d+)?$`) @@ -149,7 +149,7 @@ return "", nil } - return c.processVersionComment(ctx, logger, action, attrs) + return c.processAction(ctx, logger, action, attrs) } // shouldSkipAction checks if an action should be skipped based on filtering rules. 
@@ -169,51 +169,156 @@ return false } -// processVersionComment processes the action based on its version comment type. -func (c *Controller) processVersionComment(ctx context.Context, logger *slog.Logger, action *Action, attrs *slogerr.Attrs) (string, error) { +// processAction dispatches based on the action's version form. The version +// is the primary determinant (already-pinned SHA vs. semver tag vs. branch); +// the comment refines the behavior inside each branch. +func (c *Controller) processAction(ctx context.Context, logger *slog.Logger, action *Action, attrs *slogerr.Attrs) (string, error) { + switch getVersionType(action.Version) { + case FullCommitSHA: + return c.processPinnedVersion(ctx, logger, action, attrs) + case Semver, Shortsemver: + return c.processTaggedVersion(ctx, logger, action) + default: + return c.processUnpinnedVersion(ctx, logger, action) + } +} + +// processPinnedVersion handles actions whose Version is already a full commit +// SHA. The comment determines whether to verify, expand a short tag, or +// update to a newer release. +func (c *Controller) processPinnedVersion(ctx context.Context, logger *slog.Logger, action *Action, attrs *slogerr.Attrs) (string, error) { switch getVersionType(action.VersionComment) { - case Empty: - // @xxx - // Note that comments like "hoge" are treated as Empty - return c.parseNoTagLine(ctx, logger, action) case Semver: - // @xxx # v1.0.0 - return c.parseSemverTagLine(ctx, logger, action) + // @<sha> # v1.0.0 + return c.processPinnedSemverComment(ctx, logger, action) case Shortsemver: - // @xxx # v1 + // @<sha> # v1 logger = attrs.Add(logger, "version_annotation", action.VersionComment) - return c.parseShortSemverTagLine(ctx, logger, action) + return c.processPinnedShortsemverComment(ctx, logger, action) default: - // @xxx # hoge - if getVersionType(action.Version) == FullCommitSHA { - // @<full commit sha> # hoge - return "", nil + // Empty (@<sha>) or Other (@<sha> # hoge): already pinned, leave alone. 
+ return "", nil + } +} + +// processPinnedSemverComment handles @<sha> # v1.0.0. +func (c *Controller) processPinnedSemverComment(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { + if !c.param.Update { + return c.verifyIfNeeded(ctx, logger, action) + } + lv, err := c.getLatestVersion(ctx, logger, action.RepoOwner, action.RepoName, action.VersionComment) + if err != nil { + return "", fmt.Errorf("get the latest version: %w", err) + } + if action.VersionComment == lv { + return c.verifyIfNeeded(ctx, logger, action) + } + if !compareVersion(action.VersionComment, lv) { + warnSkipOlderVersion(logger, action.VersionComment, lv) + return "", nil + } + return c.patchToLatestVersion(ctx, logger, action, lv) +} + +// processPinnedShortsemverComment handles @<sha> # v1. +func (c *Controller) processPinnedShortsemverComment(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { + if c.param.Update { + lv, err := c.getLatestVersion(ctx, logger, action.RepoOwner, action.RepoName, action.VersionComment) + if err != nil { + return "", fmt.Errorf("get the latest version: %w", err) } - // @<not full commit sha> # hoge - return "", ErrCantPinned + return c.patchToLatestVersion(ctx, logger, action, lv) + } + // replace Shortsemver to Semver + longVersion, err := c.getLongVersionFromSHA(ctx, logger, action, action.Version) + if err != nil { + return "", err } + if longVersion == "" { + logger.Debug("a long tag whose SHA is same as SHA of the version annotation isn't found") + return "", nil + } + return c.patchLine(action, action.Version, longVersion), nil } -// parseNoTagLine processes actions without version comments. -// It handles pinning actions that don't have version annotations, -// either by updating to latest version or converting tags to commit SHAs. 
-func (c *Controller) parseNoTagLine(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { +// processTaggedVersion handles actions whose Version is a semver or short +// semver tag. These are unpinned and must be pinned to a commit SHA, or +// updated to the latest version when --update is set. +func (c *Controller) processTaggedVersion(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { typ := getVersionType(action.Version) - switch typ { - case Shortsemver, Semver: - case FullCommitSHA: - return "", nil + switch getVersionType(action.VersionComment) { + case Empty: + // @v1 or @v1.0.0 + if c.param.Update { + return c.updateToLatestVersion(ctx, logger, action) + } + return c.pinCurrentVersion(ctx, logger, action, typ) + case Semver: + // @v1 # v1.0.0 or @v1.0.0 # v1.0.0 + if !c.param.Update { + return c.pinCurrentVersion(ctx, logger, action, typ) + } + lv, err := c.getLatestVersion(ctx, logger, action.RepoOwner, action.RepoName, action.VersionComment) + if err != nil { + return "", fmt.Errorf("get the latest version: %w", err) + } + if action.VersionComment != lv && !compareVersion(action.VersionComment, lv) { + warnSkipOlderVersion(logger, action.VersionComment, lv) + return "", nil + } + return c.patchToLatestVersion(ctx, logger, action, lv) default: + // Shortsemver or Other comment on an unpinned tag: invalid combination. + return "", ErrCantPinned + } +} + +// processUnpinnedVersion handles actions whose Version is neither a SHA nor +// a semver tag (typically a branch name like main). 
+func (c *Controller) processUnpinnedVersion(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { + switch getVersionType(action.VersionComment) { + case Empty: if c.matchBranchToTag(action.Version) { return c.convertBranchToLatestTag(ctx, logger, action) } return "", ErrCantPinned + case Semver: + if !c.param.Update { + return "", ErrCantPinned + } + lv, err := c.getLatestVersion(ctx, logger, action.RepoOwner, action.RepoName, action.VersionComment) + if err != nil { + return "", fmt.Errorf("get the latest version: %w", err) + } + if action.VersionComment == lv { + return "", ErrCantPinned + } + if !compareVersion(action.VersionComment, lv) { + warnSkipOlderVersion(logger, action.VersionComment, lv) + return "", nil + } + return c.patchToLatestVersion(ctx, logger, action, lv) + default: + return "", ErrCantPinned } - // @v1, @v1.0.0 - if c.param.Update { - return c.updateToLatestVersion(ctx, logger, action) +} + +// patchToLatestVersion fetches the commit SHA of the latest version and +// rewrites the action line to pin against it. +func (c *Controller) patchToLatestVersion(ctx context.Context, logger *slog.Logger, action *Action, lv string) (string, error) { + sha, _, err := c.repositoriesService.GetCommitSHA1(ctx, logger, action.RepoOwner, action.RepoName, lv, "") + if err != nil { + return "", fmt.Errorf("get the latest version: %w", err) } - return c.pinCurrentVersion(ctx, logger, action, typ) + return c.patchLine(action, sha, lv), nil +} + +func warnSkipOlderVersion(logger *slog.Logger, currentVersion, newVersion string) { + logger.Warn( + "skip updating because the current version is newer than the new version", + "current_version", currentVersion, + "new_version", newVersion, + ) } // matchBranchToTag reports whether v matches any of the --branch-to-tag regexps. 
@@ -300,72 +405,6 @@ return nv.GreaterThan(cv) } -// parseSemverTagLine processes actions with semantic version comments. -// It handles updating semantic versions to latest and verifying that -// commit SHAs match their corresponding version tags. -func (c *Controller) parseSemverTagLine(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { - // @xxx # v3.0.0 - if c.param.Update { - return c.parseSemverTagLineUpdate(ctx, logger, action) - } - return c.parseSemverTagLinePin(ctx, logger, action) -} - -// parseSemverTagLineUpdate handles the update case for semver tag lines. -func (c *Controller) parseSemverTagLineUpdate(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { - lv, err := c.getLatestVersion(ctx, logger, action.RepoOwner, action.RepoName, action.VersionComment) - if err != nil { - return "", fmt.Errorf("get the latest version: %w", err) - } - if action.VersionComment == lv { - return c.handleCurrentVersionIsLatest(ctx, logger, action, lv) - } - return c.handleUpdateToNewerVersion(ctx, logger, action, lv) -} - -// handleCurrentVersionIsLatest handles when the current version comment matches the latest version. -func (c *Controller) handleCurrentVersionIsLatest(ctx context.Context, logger *slog.Logger, action *Action, lv string) (string, error) { - switch getVersionType(action.Version) { - case Semver, Shortsemver: - sha, _, err := c.repositoriesService.GetCommitSHA1(ctx, logger, action.RepoOwner, action.RepoName, lv, "") - if err != nil { - return "", fmt.Errorf("get the latest version: %w", err) - } - return c.patchLine(action, sha, lv), nil - case FullCommitSHA: - return c.verifyIfNeeded(ctx, logger, action) - } - return "", ErrCantPinned -} - -// handleUpdateToNewerVersion handles updating to a newer version when available. 
-func (c *Controller) handleUpdateToNewerVersion(ctx context.Context, logger *slog.Logger, action *Action, lv string) (string, error) { - if !compareVersion(action.VersionComment, lv) { - logger.Warn( - "skip updating because the current version is newer than the new version", - "current_version", action.VersionComment, - "new_version", lv, - ) - return "", nil - } - sha, _, err := c.repositoriesService.GetCommitSHA1(ctx, logger, action.RepoOwner, action.RepoName, lv, "") - if err != nil { - return "", fmt.Errorf("get the latest version: %w", err) - } - return c.patchLine(action, sha, lv), nil -} - -// parseSemverTagLinePin handles the pin case for semver tag lines. -func (c *Controller) parseSemverTagLinePin(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { - switch typ := getVersionType(action.Version); typ { - case Semver, Shortsemver: - return c.pinCurrentVersion(ctx, logger, action, typ) - case FullCommitSHA: - return c.verifyIfNeeded(ctx, logger, action) - } - return "", ErrCantPinned -} - // verifyIfNeeded verifies the commit hash if verification is enabled. func (c *Controller) verifyIfNeeded(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { if c.param.IsVerify { 
@@ -376,38 +415,6 @@ return "", nil } -// parseShortSemverTagLine processes actions with short semantic version comments. -// It handles expanding short versions (like v3) to full versions (like v3.1.0) -// and updating to latest versions when requested. -func (c *Controller) parseShortSemverTagLine(ctx context.Context, logger *slog.Logger, action *Action) (string, error) { - // @xxx # v3 - // @<full commit hash> # v3 - if FullCommitSHA != getVersionType(action.Version) { - return "", ErrCantPinned - } - if c.param.Update { - lv, err := c.getLatestVersion(ctx, logger, action.RepoOwner, action.RepoName, action.VersionComment) - if err != nil { - return "", fmt.Errorf("get the latest version: %w", err) - } - sha, _, err := c.repositoriesService.GetCommitSHA1(ctx, logger, action.RepoOwner, action.RepoName, lv, "") - if err != nil { - return "", fmt.Errorf("get the latest version: %w", err) - } - return c.patchLine(action, sha, lv), nil - } - // replace Shortsemer to Semver - longVersion, err := c.getLongVersionFromSHA(ctx, logger, action, action.Version) - if err != nil { - return "", err - } - if longVersion == "" { - logger.Debug("a long tag whose SHA is same as SHA of the version annotation isn't found") - return "", nil - } - return c.patchLine(action, action.Version, longVersion), nil -} - // patchLine reconstructs a workflow line with updated version and tag. // It combines the action information with new version and tag to create // the updated line with proper formatting and comments. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/pkg/controller/run/parse_line_internal_test.go new/pinact-3.10.1/pkg/controller/run/parse_line_internal_test.go --- old/pinact-3.10.0/pkg/controller/run/parse_line_internal_test.go 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/pkg/controller/run/parse_line_internal_test.go 2026-05-15 07:00:08.000000000 +0200 
@@ -101,6 +101,17 @@ Quote: "", }, }, + { + name: "multi-space after dash", + line: " - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3", + exp: &Action{ + Uses: " - uses: ", + Name: "actions/checkout", + Version: "8e5e7e5ab8b370d6c329ec480221332ada57f0ab", + VersionCommentSeparator: " # ", + VersionComment: "v3", + }, + }, } for _, d := range data { t.Run(d.name, func(t *testing.T) { @@ -150,6 +161,11 @@ line: ` "uses": 'actions/checkout@v2'`, exp: ` "uses": 'actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5' # v2.7.0`, }, + { + name: "multi-space after dash", + line: " - uses: actions/checkout@v3", + exp: " - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2", + }, } logger := slog.New(slog.DiscardHandler) for _, d := range data { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/testdata/foo.yaml new/pinact-3.10.1/testdata/foo.yaml --- old/pinact-3.10.0/testdata/foo.yaml 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/testdata/foo.yaml 2026-05-15 07:00:08.000000000 +0200 @@ -11,6 +11,7 @@ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3 - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 + - uses: actions/checkout@v2 - uses: actions/checkout@v2 - uses: actions/[email protected] - uses: actions/setup-java@v3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/testdata/foo_after.yaml new/pinact-3.10.1/testdata/foo_after.yaml --- old/pinact-3.10.0/testdata/foo_after.yaml 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/testdata/foo_after.yaml 2026-05-15 07:00:08.000000000 +0200 
@@ -11,6 +11,7 @@ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3 - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 - uses: actions/setup-java@v3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/testdata/foo_exclude_after.yaml new/pinact-3.10.1/testdata/foo_exclude_after.yaml --- old/pinact-3.10.0/testdata/foo_exclude_after.yaml 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/testdata/foo_exclude_after.yaml 2026-05-15 07:00:08.000000000 +0200 @@ -11,6 +11,7 @@ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3 - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 + - uses: actions/checkout@v2 - uses: actions/checkout@v2 - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 - uses: actions/setup-java@v3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pinact-3.10.0/testdata/foo_include_after.yaml new/pinact-3.10.1/testdata/foo_include_after.yaml --- old/pinact-3.10.0/testdata/foo_include_after.yaml 2026-05-13 11:30:19.000000000 +0200 +++ new/pinact-3.10.1/testdata/foo_include_after.yaml 2026-05-15 07:00:08.000000000 +0200 
@@ -11,6 +11,7 @@ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3 - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - uses: actions/[email protected] - uses: actions/setup-java@v3 ++++++ pinact.obsinfo ++++++ --- /var/tmp/diff_new_pack.nX1u2g/_old 2026-05-16 19:27:07.260419274 +0200 +++ /var/tmp/diff_new_pack.nX1u2g/_new 2026-05-16 19:27:07.276419930 +0200 @@ -1,5 +1,5 @@ name: pinact -version: 3.10.0 -mtime: 1778664619 -commit: fd95c7317488e35c8e642cb7bf51edbf5dbb5ce4 +version: 3.10.1 +mtime: 1778821208 +commit: 9ef46dc5d3e9b2c6873861cc75a27802ea8850aa ++++++ vendor.tar.gz ++++++
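Review bot: In `_service`, `revision` is still the tag `refs/tags/v3.10.1`, which upstream can move, while the commit actually packaged (`9ef46dc5d3e9b2c6873861cc75a27802ea8850aa`) is recorded only in `_servicedata` and `pinact.obsinfo`. Consider setting `revision` to that commit, or checking on each service run that the tag still resolves to the recorded commit, so that a retagged upstream release cannot change the packaged source unnoticed.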
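Review bot: The `VERSION:` block in `USAGE.md` (hunk `@@ -11,7 +11,7 @@`) now reads `3.10.0` in a tree released as 3.10.1, so the shipped usage text trails the release by one version. If the file is generated with the pinned pinact dependency, which the changelog moves to v3.10.0 in this same update, regenerate it from the freshly built binary at release time or drop the version line from the generated document.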
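Review bot: The new `--branch-to-tag` help line under `pinact run` (hunk `@@ -91,9 +95,14 @@`) leaves anchoring to the user ("Anchor with ^$ for exact match"), so an unanchored value matches any version string that merely contains it and converts more references than intended. Put an anchored example such as `^main$` in the help text itself. It would also help to state next to it that `--min-age` defaults to 0, meaning the tag chosen by the conversion gets no waiting period unless the user sets one.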
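Review bot: In `usesPattern` (`parse_line.go`, hunk `@@ -14,7 +14,7 @@`), `(?:- +)?` fixes the multi-space case, but the pattern still accepts only literal spaces before the dash, after it, and around the colon. A `uses` line separated by a tab will therefore still fail to match, just as multi-space lines did before #1535. Consider `[ \t]+` after the dash, or add a test that records tabs as unsupported, because going by the changelog entry a line the pattern misses is a reference that stays unpinned.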
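Review bot: In `processUnpinnedVersion` (hunk `@@ -169,51 +169,156 @@`), the `Semver` case under `--update` returns `ErrCantPinned` when the comment already equals the latest version but rewrites the line to a SHA when the comment is older, so the result for a non-SHA, non-semver reference with a version comment depends on whether a newer release exists. This matches what the removed `handleCurrentVersionIsLatest` and `handleUpdateToNewerVersion` did, but the new function carries none of the per-case comments (`// @<sha> # v1.0.0`, `// @v1 or @v1.0.0`) that the other two dispatchers have. Add them, plus a test for both outcomes, so the asymmetry is a documented decision. Separately, `patchToLatestVersion` wraps a `GetCommitSHA1` failure as "get the latest version", the same text used for `getLatestVersion` errors; a distinct message would make the failing call identifiable in logs. `warnSkipOlderVersion` is also the only new function without a doc comment.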
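Review bot: The two "multi-space after dash" cases added in `parse_line_internal_test.go` only use the unquoted `uses` key, while `usesPattern` also accepts `'uses'` and `"uses"` and the neighbouring existing case (`"uses": 'actions/checkout@v2'`) exercises the quoted form without a dash. Add one case that combines a list dash followed by several spaces with a quoted key and quoted value, so the interaction between the changed `(?:- +)?` group and the optional quotes is covered.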
