Documentation
¶
Overview ¶
Package pin resolves action version tags to commit SHAs via the GitHub API.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActionRef ¶
type ActionRef struct {
Action string // e.g., "actions/checkout"
Version string // e.g., "v4" or "abc123..."
IsTag bool // true if Version looks like a tag, not a SHA
}
ActionRef represents an action reference found in an HCL file.
type CachedResolver ¶
type CachedResolver struct {
// contains filtered or unexported fields
}
CachedResolver wraps a Resolver with a file-based cache.
func NewCachedResolver ¶
func NewCachedResolver(inner Resolver) *CachedResolver
NewCachedResolver creates a resolver that caches results for 24 hours.
func (*CachedResolver) ResolveTag ¶
ResolveTag checks the cache first, then falls back to the inner resolver.
type GitHubResolver ¶
type GitHubResolver struct {
// contains filtered or unexported fields
}
GitHubResolver resolves tags via the GitHub API.
func NewGitHubResolver ¶
func NewGitHubResolver(token string) *GitHubResolver
NewGitHubResolver creates a resolver that uses the GitHub API. If token is empty, it falls back to GITHUB_TOKEN env var. Unauthenticated requests are limited to 60/hr; authenticated to 5000/hr.
func (*GitHubResolver) LatestTag ¶
LatestTag returns the latest semver tag for a repository by listing tags sorted by version descending.
func (*GitHubResolver) ResolveTag ¶
ResolveTag resolves a tag to a commit SHA via the GitHub API.
type PinResult ¶
type PinResult struct {
Action string
Tag string
SHA string
Error error
WasAlready bool // true if version was already a SHA
}
PinResult holds the result of pinning a single action.
func PinDirectory ¶
func PinDirectory(ctx context.Context, dir string, resolver Resolver, w io.Writer, dryRun bool) ([]PinResult, error)
PinDirectory pins all HCL files in a directory.
func PinFile ¶
func PinFile(ctx context.Context, path string, resolver Resolver, w io.Writer, dryRun bool) ([]PinResult, error)
PinFile reads an HCL file, resolves all tag-based action versions to SHAs, and writes the updated file. When dryRun is true, resolutions are reported but the file is not modified.
type Resolver ¶
type Resolver interface {
ResolveTag(ctx context.Context, owner, repo, tag string) (string, error)
}
Resolver resolves action version tags to commit SHAs.
type UpgradeResult ¶
type UpgradeResult struct {
Action string
OldVersion string
NewTag string
NewSHA string
Error error
WasCurrent bool // true if already on the latest version
}
UpgradeResult holds the result of upgrading a single action.
func UpgradeDirectory ¶
func UpgradeDirectory(ctx context.Context, dir string, resolver Upgrader, w io.Writer, dryRun bool) ([]UpgradeResult, error)
UpgradeDirectory upgrades all HCL files in a directory.
func UpgradeFile ¶
func UpgradeFile(ctx context.Context, path string, resolver Upgrader, w io.Writer, dryRun bool) ([]UpgradeResult, error)
UpgradeFile reads an HCL file, checks each action for a newer release, and updates both the version and comment. When dryRun is true, changes are reported but the file is not modified.
Source Files