mirror of
https://github.com/pre-commit/action.git
synced 2025-11-07 10:46:56 +00:00
f151909a1b
Pin the action/cache action in action.yml to a specific SHA, this change will allow usage of the pre-commit action when enforcement of SHA pinning on actions is set[1]. SHA pinning helps prevent supply chain attacks as versions/releases of actions are not immutable and can be updated at any time. Pinning to a SHA makes the release immutable from the consumer perspective. SHA pinning enforcement applies to downstream dependencies, i.e. if I include pre-commit/action in my workflows I cannot use SHA pinning because actions/cache is currently unpinned. [1] https://github.blog/changelog/2025-08-15-github-actions-policy-now-supports-blocking-and-sha-pinning-actions/#enforce-sha-pinning
20 lines
624 B
YAML
20 lines
624 B
YAML
name: pre-commit
|
|
description: run pre-commit
|
|
inputs:
|
|
extra_args:
|
|
description: options to pass to pre-commit run
|
|
required: false
|
|
default: '--all-files'
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- run: python -m pip install pre-commit
|
|
shell: bash
|
|
- run: python -m pip freeze --local
|
|
shell: bash
|
|
- uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
|
|
with:
|
|
path: ~/.cache/pre-commit
|
|
key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
|
|
- run: pre-commit run --show-diff-on-failure --color=always ${{ inputs.extra_args }}
|
|
shell: bash
|