bitwarden_workflow_linter 0.2.1__py3-none-any.whl → 0.3.1__py3-none-any.whl

bitwarden_workflow_linter/__about__.py

@@ -1,3 +1,3 @@
 """Metadata for Workflow Linter."""
 
-__version__ = "0.2.1"
+__version__ = "0.3.1"

bitwarden_workflow_linter/actions.py

@@ -57,17 +57,22 @@ class ActionsCmd:
         parser_actions = subparsers.add_parser(
             "actions", help="!!BETA!!\nAdd or Update Actions in the pre-approved list."
         )
-        parser_actions.add_argument(
-            "-o", "--output", action="store", default="actions.json"
-        )
         subparsers_actions = parser_actions.add_subparsers(
             required=True, dest="actions_command"
         )
-        subparsers_actions.add_parser("update", help="update action versions")
+        parser_actions_update = subparsers_actions.add_parser(
+            "update", help="update action versions"
+        )
+        parser_actions_update.add_argument(
+            "-o", "--output", action="store", default="actions.json", help="output file"
+        )
         parser_actions_add = subparsers_actions.add_parser(
             "add", help="add action to approved list"
         )
         parser_actions_add.add_argument("name", help="action name [git owner/repo]")
+        parser_actions_add.add_argument(
+            "-o", "--output", action="store", default="actions.json", help="output file"
+        )
 
         return subparsers
 
@@ -127,29 +132,38 @@ class ActionsCmd:
                 f"https://api.github.com/repos/{action.name}/releases/latest",
                 action.name,
             )
-            if not response:
-                return None
+            if response is not None and response.status != 404:
+                tag_name = json.loads(response.data)["tag_name"]
 
-            tag_name = json.loads(response.data)["tag_name"]
+                # Get the URL to the commit for the tag
+                response = self.get_github_api_response(
+                    f"https://api.github.com/repos/{action.name}/git/ref/tags/{tag_name}",
+                    action.name,
+                )
 
-            # Get the URL to the commit for the tag
-            response = self.get_github_api_response(
-                f"https://api.github.com/repos/{action.name}/git/ref/tags/{tag_name}",
-                action.name,
-            )
-            if not response:
-                return None
+                if response is None or response.status != 200:
+                    return None
+
+                if json.loads(response.data)["object"]["type"] != "commit":
+                    url = json.loads(response.data)["object"]["url"]
+                    # Follow the URL and get the commit sha for tags
+                    response = self.get_github_api_response(url, action.name)
+                    if not response:
+                        return None
 
-            if json.loads(response.data)["object"]["type"] == "commit":
                 sha = json.loads(response.data)["object"]["sha"]
             else:
-                url = json.loads(response.data)["object"]["url"]
-                # Follow the URL and get the commit sha for tags
-                response = self.get_github_api_response(url, action.name)
-                if not response:
+                # Get tag from latest tag
+                response = self.get_github_api_response(
+                    f"https://api.github.com/repos/{action.name}/tags",
+                    action.name,
+                )
+
+                if response is None or response.status != 200:
                     return None
 
-                sha = json.loads(response.data)["object"]["sha"]
+                sha = json.loads(response.data)[0]["commit"]["sha"]
+                tag_name = json.loads(response.data)[0]["name"]
         except KeyError as err:
             raise GitHubApiSchemaError(
                 f"Error with the GitHub API Response Schema for either /releases or"
@@ -182,10 +196,20 @@ class ActionsCmd:
         updated_actions = self.settings.approved_actions
         proposed_action = Action(name=new_action_name)
 
+        # Remove the action directory if the action is in a multi-actions repo
+        if len(new_action_name.split("/")) > 2:
+            modified_action = "/".join(new_action_name.split("/")[:-1])
+            print(
+                f" - {new_action_name} \033[{Colors.yellow}modified\033[0m to {modified_action}"
+            )
+            proposed_action = Action(name=modified_action)
+
         if self.exists(proposed_action):
             latest = self.get_latest_version(proposed_action)
             if latest:
                 updated_actions[latest.name] = latest
+        else:
+            print(f" - {new_action_name} \033[{Colors.red}not found\033[0m")
 
         self.save_actions(updated_actions, filename)
         return 0

bitwarden_workflow_linter/default_actions.json

@@ -6,8 +6,8 @@
   },
   "Azure/functions-action": {
     "name": "Azure/functions-action",
-    "sha": "238dc3c45bb1b04e5d16ff9e75cddd1d86753bd6",
-    "version": "v1.5.1"
+    "sha": "fd80521afbba9a2a76a99ba1acc07aff8d733d11",
+    "version": "v1.5.2"
   },
   "Azure/get-keyvault-secrets": {
     "name": "Azure/get-keyvault-secrets",
@@ -16,13 +16,18 @@
   },
   "Azure/login": {
     "name": "Azure/login",
-    "sha": "de95379fe4dadc2defb305917eaa7e5dde727294",
-    "version": "v1.5.1"
+    "sha": "a65d910e8af852a8061c627c456678983e180302",
+    "version": "v2.2.0"
+  },
+  "Azure/setup-helm": {
+    "name": "Azure/setup-helm",
+    "sha": "fe7b79cd5ee1e45176fcad797de68ecaf3ca4814",
+    "version": "v4.2.0"
   },
   "Swatinem/rust-cache": {
     "name": "Swatinem/rust-cache",
-    "sha": "a95ba195448af2da9b00fb742d14ffaaf3c21f43",
-    "version": "v2.7.0"
+    "sha": "82a92a6e8fbeee089604da2575dc567ae9ddeaab",
+    "version": "v2.7.5"
   },
   "SwiftDocOrg/github-wiki-publish-action": {
     "name": "SwiftDocOrg/github-wiki-publish-action",
@@ -36,28 +41,38 @@
   },
   "act10ns/slack": {
     "name": "act10ns/slack",
-    "sha": "ed1309ab9862e57e9e583e51c7889486b9a00b0f",
-    "version": "v2.0.0"
+    "sha": "44541246747a30eb3102d87f7a4cc5471b0ffb7d",
+    "version": "v2.1.0"
+  },
+  "actions-cool/check-user-permission": {
+    "name": "actions-cool/check-user-permission",
+    "sha": "956b2e73cdfe3bcb819bb7225e490cb3b18fd76e",
+    "version": "v2.2.1"
   },
   "actions/cache": {
     "name": "actions/cache",
-    "sha": "704facf57e6136b1bc63b828d79edcd491f0ee84",
-    "version": "v3.3.2"
+    "sha": "1bd1e32a3bdc45362d1e726936510720a7c30a57",
+    "version": "v4.2.0"
   },
   "actions/checkout": {
     "name": "actions/checkout",
-    "sha": "b4ffde65f46336ab88eb53be808477a3936bae11",
-    "version": "v4.1.1"
+    "sha": "11bd71901bbe5b1630ceea73d27597364c9af683",
+    "version": "v4.2.2"
+  },
+  "actions/create-github-app-token": {
+    "name": "actions/create-github-app-token",
+    "sha": "5d869da34e18e7287c1daad50e0b8ea0f506ce69",
+    "version": "v1.11.0"
   },
   "actions/delete-package-versions": {
     "name": "actions/delete-package-versions",
-    "sha": "0d39a63126868f5eefaa47169615edd3c0f61e20",
-    "version": "v4.1.1"
+    "sha": "e5bc658cc4c965c472efe991f8beea3981499c55",
+    "version": "v5.0.0"
   },
   "actions/download-artifact": {
     "name": "actions/download-artifact",
-    "sha": "f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110",
-    "version": "v4.1.0"
+    "sha": "fa0a91b85d4f404e444e00e005971372dc801d16",
+    "version": "v4.1.8"
   },
   "actions/github-script": {
     "name": "actions/github-script",
@@ -71,23 +86,23 @@
   },
   "actions/setup-dotnet": {
     "name": "actions/setup-dotnet",
-    "sha": "4d6c8fcf3c8f7a60068d26b594648e99df24cee3",
-    "version": "v4.0.0"
+    "sha": "3e891b0cb619bf60e2c25674b222b8940e2c1c25",
+    "version": "v4.1.0"
   },
   "actions/setup-java": {
     "name": "actions/setup-java",
-    "sha": "387ac29b308b003ca37ba93a6cab5eb57c8f5f93",
-    "version": "v4.0.0"
+    "sha": "8df1039502a15bceb9433410b1a100fbe190c53b",
+    "version": "v4.5.0"
   },
   "actions/setup-node": {
     "name": "actions/setup-node",
-    "sha": "b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8",
-    "version": "v4.0.1"
+    "sha": "39370e3970a6d050c480ffad4ff0ed4d3fdee5af",
+    "version": "v4.1.0"
   },
   "actions/setup-python": {
     "name": "actions/setup-python",
-    "sha": "0a5c61591373683505ea898e09a3ea4f39ef2b9c",
-    "version": "v5.0.0"
+    "sha": "0b93645e9fea7318ecaed2b359559ac225c90a2b",
+    "version": "v5.3.0"
   },
   "actions/stale": {
     "name": "actions/stale",
@@ -96,18 +111,33 @@
   },
   "actions/upload-artifact": {
     "name": "actions/upload-artifact",
-    "sha": "c7d193f32edcb7bfad88892161225aeda64e9392",
-    "version": "v4.0.0"
+    "sha": "b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882",
+    "version": "v4.4.3"
+  },
+  "actions/upload-pages-artifact": {
+    "name": "actions/upload-pages-artifact",
+    "sha": "56afc609e74202658d3ffba0e8f6dda462b719fa",
+    "version": "v3.0.1"
+  },
+  "anchore/scan-action": {
+    "name": "anchore/scan-action",
+    "sha": "869c549e657a088dc0441b08ce4fc0ecdac2bb65",
+    "version": "v5.3.0"
   },
   "android-actions/setup-android": {
     "name": "android-actions/setup-android",
-    "sha": "07976c6290703d34c16d382cb36445f98bb43b1f",
-    "version": "v3.2.0"
+    "sha": "9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407",
+    "version": "v3.2.2"
+  },
+  "andymckay/labeler": {
+    "name": "andymckay/labeler",
+    "sha": "e6c4322d0397f3240f0e7e30a33b5c5df2d39e90",
+    "version": "1.0.4"
   },
   "azure/webapps-deploy": {
     "name": "azure/webapps-deploy",
-    "sha": "145a0687697df1d8a28909569f6e5d86213041f9",
-    "version": "v3.0.0"
+    "sha": "de617f46172a906d0617bb0e50d81e9e3aec24c8",
+    "version": "v3.0.1"
   },
   "bitwarden/sm-action": {
     "name": "bitwarden/sm-action",
@@ -116,22 +146,22 @@
   },
   "checkmarx/ast-github-action": {
     "name": "checkmarx/ast-github-action",
-    "sha": "72d549beebd0bc5bbafa559f198161b6ce7c03df",
-    "version": "2.0.21"
+    "sha": "b74e8d514feae4ad5ad2b43e72590935bd2daf5f",
+    "version": "2.0.39"
   },
   "chrnorm/deployment-action": {
     "name": "chrnorm/deployment-action",
-    "sha": "d42cde7132fcec920de534fffc3be83794335c00",
-    "version": "v2.0.5"
+    "sha": "55729fcebec3d284f60f5bcabbd8376437d696b1",
+    "version": "v2.0.7"
   },
   "chrnorm/deployment-status": {
     "name": "chrnorm/deployment-status",
-    "sha": "2afb7d27101260f4a764219439564d954d10b5b0",
-    "version": "v2.0.1"
+    "sha": "9a72af4586197112e0491ea843682b5dc280d806",
+    "version": "v2.0.3"
   },
   "chromaui/action": {
     "name": "chromaui/action",
-    "sha": "80bf5911f28005ed208f15b7268843b79ca0e23a",
+    "sha": "e90c5a5e3bc2eb3b8e110d606f56a0f44fa47700",
     "version": "v1"
   },
   "cloudflare/pages-action": {
@@ -139,6 +169,16 @@
     "sha": "f0a1cd58cd66095dee69bfa18fa5efd1dde93bca",
     "version": "v1.5.0"
   },
+  "codecov/codecov-action": {
+    "name": "codecov/codecov-action",
+    "sha": "7f8b4b4bde536c465e797be725718b88c5d95e0e",
+    "version": "v5.1.1"
+  },
+  "codecov/test-results-action": {
+    "name": "codecov/test-results-action",
+    "sha": "9739113ad922ea0a9abb4b2c0f8bf6a4aa8ef820",
+    "version": "v1.0.1"
+  },
   "convictional/trigger-workflow-and-wait": {
     "name": "convictional/trigger-workflow-and-wait",
     "sha": "f69fa9eedd3c62a599220f4d5745230e237904be",
@@ -146,48 +186,48 @@
   },
   "crazy-max/ghaction-import-gpg": {
     "name": "crazy-max/ghaction-import-gpg",
-    "sha": "01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4",
-    "version": "v6.1.0"
+    "sha": "cb9bde2e2525e640591a934b1fd28eef1dcaf5e5",
+    "version": "v6.2.0"
   },
   "crowdin/github-action": {
     "name": "crowdin/github-action",
-    "sha": "fdc55cdc519e86e32c22a07528d649277f1127f2",
-    "version": "v1.16.0"
+    "sha": "a9ffb7d5ac46eca1bb1f06656bf888b39462f161",
+    "version": "v2.4.0"
   },
   "dawidd6/action-download-artifact": {
     "name": "dawidd6/action-download-artifact",
-    "sha": "e7466d1a7587ed14867642c2ca74b5bcc1e19a2d",
-    "version": "v3.0.0"
+    "sha": "80620a5d27ce0ae443b965134db88467fc607b43",
+    "version": "v7"
   },
   "dawidd6/action-homebrew-bump-formula": {
     "name": "dawidd6/action-homebrew-bump-formula",
-    "sha": "75ed025ff3ad1d617862838b342b06d613a0ddf3",
-    "version": "v3.10.1"
+    "sha": "8d494330bce4434918392df134ad3db1167904db",
+    "version": "v4"
   },
   "digitalocean/action-doctl": {
     "name": "digitalocean/action-doctl",
-    "sha": "e5cb5b0cde9789f79c5115c2c4d902f38a708804",
-    "version": "v2.5.0"
+    "sha": "135ac0aa0eed4437d547c6f12c364d3006b42824",
+    "version": "v2.5.1"
   },
   "docker/build-push-action": {
     "name": "docker/build-push-action",
-    "sha": "4a13e500e55cf31b7a5d59a38ab2040ab0f42f56",
-    "version": "v5.1.0"
+    "sha": "48aba3b46d1b1fec4febb7c5d0c644b249a11355",
+    "version": "v6.10.0"
   },
   "docker/setup-buildx-action": {
     "name": "docker/setup-buildx-action",
-    "sha": "f95db51fddba0c2d1ec667646a06c2ce06100226",
-    "version": "v3.0.0"
+    "sha": "c47758b77c9736f4b2ef4073d4d51994fabfe349",
+    "version": "v3.7.1"
   },
   "docker/setup-qemu-action": {
     "name": "docker/setup-qemu-action",
-    "sha": "68827325e0b33c7199eb31dd4e31fbe9023e06e3",
-    "version": "v3.0.0"
+    "sha": "49b3bc8e6bdd4a60e6116a5414239cba5943d3cf",
+    "version": "v3.2.0"
   },
   "dorny/test-reporter": {
     "name": "dorny/test-reporter",
-    "sha": "afe6793191b75b608954023a46831a3fe10048d4",
-    "version": "v1.7.0"
+    "sha": "31a54ee7ebcacc03a09ea97a7e5465a47b84aea5",
+    "version": "v1.9.1"
   },
   "dtolnay/rust-toolchain": {
     "name": "dtolnay/rust-toolchain",
@@ -196,63 +236,118 @@
   },
   "futureware-tech/simulator-action": {
     "name": "futureware-tech/simulator-action",
-    "sha": "bfa03d93ec9de6dacb0c5553bbf8da8afc6c2ee9",
-    "version": "v3"
+    "sha": "dab10d813144ef59b48d401cd95da151222ef8cd",
+    "version": "v4"
+  },
+  "github/codeql-action": {
+    "name": "github/codeql-action",
+    "sha": "3096afedf9873361b2b2f65e1445b13272c83eb8",
+    "version": "codeql-bundle-v2.20.0"
+  },
+  "gradle/actions": {
+    "name": "gradle/actions",
+    "sha": "cc4fc85e6b35bafd578d5ffbc76a5518407e1af0",
+    "version": "v4.2.1"
   },
   "hashicorp/setup-packer": {
     "name": "hashicorp/setup-packer",
-    "sha": "ecc5516821087666a672c0d280a0084ea6d9aafd",
-    "version": "v2.0.1"
+    "sha": "1aa358be5cf73883762b302a3a03abd66e75b232",
+    "version": "v3.1.0"
+  },
+  "helm/chart-releaser-action": {
+    "name": "helm/chart-releaser-action",
+    "sha": "a917fd15b20e8b64b94d9158ad54cd6345335584",
+    "version": "v1.6.0"
+  },
+  "helm/chart-testing-action": {
+    "name": "helm/chart-testing-action",
+    "sha": "e6669bcd63d7cb57cb4380c33043eebe5d111992",
+    "version": "v2.6.1"
+  },
+  "helm/kind-action": {
+    "name": "helm/kind-action",
+    "sha": "0025e74a8c7512023d06dc019c617aa3cf561fde",
+    "version": "v1.10.0"
+  },
+  "launchdarkly/find-code-references-in-pull-request": {
+    "name": "launchdarkly/find-code-references-in-pull-request",
+    "sha": "d008aa4f321d8cd35314d9cb095388dcfde84439",
+    "version": "v2.0.0"
   },
   "macauley/action-homebrew-bump-cask": {
     "name": "macauley/action-homebrew-bump-cask",
     "sha": "445c42390d790569d938f9068d01af39ca030feb",
     "version": "v1.0.0"
   },
+  "maxim-lobanov/setup-xcode": {
+    "name": "maxim-lobanov/setup-xcode",
+    "sha": "60606e260d2fc5762a71e64e74b2174e8ea3c8bd",
+    "version": "v1.6.0"
+  },
   "microsoft/setup-msbuild": {
     "name": "microsoft/setup-msbuild",
-    "sha": "1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c",
-    "version": "v1.3.1"
+    "sha": "6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce",
+    "version": "v2"
   },
   "ncipollo/release-action": {
     "name": "ncipollo/release-action",
-    "sha": "6c75be85e571768fa31b40abf38de58ba0397db5",
-    "version": "v1.13.0"
+    "sha": "2c591bcc8ecdcd2db72b97d6147f871fcd833ba5",
+    "version": "v1.14.0"
   },
   "peter-evans/close-issue": {
     "name": "peter-evans/close-issue",
     "sha": "276d7966e389d888f011539a86c8920025ea0626",
     "version": "v3.0.1"
   },
+  "reactivecircus/android-emulator-runner": {
+    "name": "reactivecircus/android-emulator-runner",
+    "sha": "62dbb605bba737720e10b196cb4220d374026a6d",
+    "version": "v2.33.0"
+  },
   "ruby/setup-ruby": {
     "name": "ruby/setup-ruby",
-    "sha": "360dc864d5da99d54fcb8e9148c14a84b90d3e88",
-    "version": "v1.165.1"
+    "sha": "2a18b06812b0e15bb916e1df298d3e740422c47e",
+    "version": "v1.203.0"
   },
   "samuelmeuli/action-snapcraft": {
     "name": "samuelmeuli/action-snapcraft",
     "sha": "d33c176a9b784876d966f80fb1b461808edc0641",
     "version": "v2.1.1"
   },
+  "slackapi/slack-github-action": {
+    "name": "slackapi/slack-github-action",
+    "sha": "485a9d42d3a73031f12ec201c457e2162c45d02d",
+    "version": "v2.0.0"
+  },
   "snapcore/action-build": {
     "name": "snapcore/action-build",
-    "sha": "2096990827aa966f773676c8a53793c723b6b40f",
-    "version": "v1.2.0"
+    "sha": "3bdaa03e1ba6bf59a65f84a751d943d549a54e79",
+    "version": "v1.3.0"
+  },
+  "softprops/action-gh-release": {
+    "name": "softprops/action-gh-release",
+    "sha": "7b4da11513bf3f43f9999e90eabced41ab8bb048",
+    "version": "v2.2.0"
   },
   "sonarsource/sonarcloud-github-action": {
     "name": "sonarsource/sonarcloud-github-action",
-    "sha": "49e6cd3b187936a73b8280d59ffd9da69df63ec9",
-    "version": "v2.1.1"
+    "sha": "02ef91109b2d589e757aefcfb2854c2783fd7b19",
+    "version": "v4.0.0"
   },
   "stackrox/kube-linter-action": {
     "name": "stackrox/kube-linter-action",
-    "sha": "ca0d55b925470deb5b04b556e6c4276ea94d03c3",
-    "version": "v1.0.4"
+    "sha": "5792edc6a03735d592b13c08201711327a935735",
+    "version": "v1.0.5"
   },
   "tj-actions/changed-files": {
     "name": "tj-actions/changed-files",
-    "sha": "716b1e13042866565e00e85fd4ec490e186c4a2f",
-    "version": "v41.0.1"
+    "sha": "bab30c2299617f6615ec02a68b9a40d10bd21366",
+    "version": "v45.0.5"
+  },
+  "tyrrrz/action-http-request": {
+    "name": "tyrrrz/action-http-request",
+    "sha": "64c70c67f5ebc54d4c7ea09cbe3553322778afd5",
+    "version": "1.1.2"
   },
   "yogevbd/enforce-label-action": {
     "name": "yogevbd/enforce-label-action",

bitwarden_workflow_linter/default_settings.yaml

@@ -3,7 +3,7 @@ enabled_rules:
   - bitwarden_workflow_linter.rules.name_capitalized.RuleNameCapitalized
   - bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
   - bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
-  - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
+  - bitwarden_workflow_linter.rules.step_approved.RuleStepUsesApproved
   - bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
   - bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
 

bitwarden_workflow_linter/rules/job_environment_prefix.py

@@ -58,7 +58,13 @@ class RuleJobEnvironmentPrefix(Rule):
         incorrectly named environment variables.
         """
         correct = True
-        allowed_envs = {"NODE_OPTION", "NUGET_PACKAGES", "MINT_PATH", "MINT_LINK_PATH"}
+        allowed_envs = {
+            "NODE_OPTIONS",
+            "NUGET_PACKAGES",
+            "MINT_PATH",
+            "MINT_LINK_PATH",
+            "HUSKY",
+        }
 
         if obj.env:
             offending_keys = []
@@ -70,4 +76,4 @@ class RuleJobEnvironmentPrefix(Rule):
         if correct:
             return True, ""
 
-        return False, f"{self.message} ({' ,'.join(offending_keys)})"
+        return False, f"{self.message} ({', '.join(offending_keys)})"

bitwarden_workflow_linter/rules/name_capitalized.py

@@ -1,5 +1,6 @@
 """A Rule to enforce all 'name' values start with a capital letter."""
 
+import re
 from typing import Optional, Tuple, Union
 
 from ..models.job import Job
@@ -56,7 +57,7 @@ class RuleNameCapitalized(Rule):
                 if obj.name[0] != "_":
                     return obj.name[0].isupper(), self.message
         else:
-            if obj.name:
+            if obj.name and not re.match(r"^\s*\${{\s*matrix\..*}}.*", obj.name):
                 return obj.name[0].isupper(), self.message
 
         return True, ""  # Force passing

bitwarden_workflow_linter/rules/step_approved.py

@@ -23,7 +23,7 @@ class RuleStepUsesApproved(Rule):
             A Settings object that contains any default, overridden, or custom settings
             required anywhere in the application.
         """
-        self.on_fail = LintLevels.WARNING
+        self.on_fail = LintLevels.ERROR
         self.compatibility = [Step]
         self.settings = settings
 
@@ -82,20 +82,17 @@ class RuleStepUsesApproved(Rule):
         if self.skip(obj):
             return True, ""
 
-        # Actions in bitwarden/gh-actions are auto-approved
-        if obj.uses and not obj.uses_path in self.settings.approved_actions:
-            return False, (
-                f"New Action detected: {obj.uses_path}\nFor security purposes, "
-                "actions must be reviewed and be on the pre-approved list"
-            )
+        obj_path = obj.uses_path
 
-        action = self.settings.approved_actions[obj.uses_path]
+        # Remove the action directory if the action is in a multi-actions repo
+        if len(obj.uses_path.split("/")) > 2:
+            obj_path = "/".join(obj.uses_path.split("/")[:-1])
 
-        if obj.uses_version != action.version or obj.uses_ref != action.sha:
+        # Actions in bitwarden/ are auto-approved
+        if obj.uses and not obj_path in self.settings.approved_actions:
             return False, (
-                "Action is out of date. Please update to:\n"
-                f"  commit: {action.version}"
-                f"  version: {action.sha}"
+                f"New Action detected: {obj.uses_path}\nFor security purposes, "
+                "actions must be reviewed and be on the pre-approved list"
             )
 
         return True, ""

bitwarden_workflow_linter/rules/step_pinned.py

@@ -83,7 +83,7 @@ class RuleStepUsesPinned(Rule):
         path, ref = obj.uses.split("@")
 
         if path.startswith("bitwarden/"):
-            if ref == "main":
+            if ref == "main" or "sm-action" in path:
                 return True, ""
             return False, "Please pin to main"
 

bitwarden_workflow_linter/rules/underscore_outputs.py

@@ -103,14 +103,6 @@ class RuleUnderscoreOutputs(Rule):
                 for output in obj.outputs.keys():
                     outputs.append(output)
 
-        if isinstance(obj, Step):
-            if obj.run:
-                outputs.extend(
-                    re.findall(
-                        r"\b([a-zA-Z0-9_-]+)\s*=\s*[^=]*>>\s*\$GITHUB_OUTPUT", obj.run
-                    )
-                )
-
         correct = True
         offending_keys = []
 
@@ -124,5 +116,5 @@ class RuleUnderscoreOutputs(Rule):
 
         return (
             False,
-            f"{obj.__class__.__name__} {self.message}: ({' ,'.join(offending_keys)})",
+            f"{obj.__class__.__name__} {self.message}: ({', '.join(offending_keys)})",
         )

{bitwarden_workflow_linter-0.2.1.dist-info → bitwarden_workflow_linter-0.3.1.dist-info}/METADATA

@@ -1,9 +1,10 @@
-Metadata-Version: 2.3
+Metadata-Version: 2.4
 Name: bitwarden_workflow_linter
-Version: 0.2.1
+Version: 0.3.1
 Summary: Custom GitHub Action Workflow Linter
 Project-URL: Homepage, https://github.com/bitwarden/workflow-linter
 Project-URL: Issues, https://github.com/bitwarden/workflow-linter/issues
+License-File: LICENSE.txt
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3

{bitwarden_workflow_linter-0.2.1.dist-info → bitwarden_workflow_linter-0.3.1.dist-info}/RECORD

@@ -1,9 +1,9 @@
-bitwarden_workflow_linter/__about__.py,sha256=i7sjN4kIit1ye9XdGItqGi91cWiWv11IUmljOfGbykA,59
+bitwarden_workflow_linter/__about__.py,sha256=_27O6iZ8VbPFHvbz_YLPvVgFxHFgl7gH0MtXCkHXols,59
 bitwarden_workflow_linter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-bitwarden_workflow_linter/actions.py,sha256=daob3be2Y22gfsAmGhTgBRCgGk18mlGduqc5Zn1Onz4,7897
+bitwarden_workflow_linter/actions.py,sha256=LAn3yQeMMmCOvJWeTn3dE1U2nyEJqIBMwESq3TtY9hE,9069
 bitwarden_workflow_linter/cli.py,sha256=wgkK1MlVbo6Zx3f2CZZ_tkSWq_hdsGciHJA1knX6Yuw,1699
-bitwarden_workflow_linter/default_actions.json,sha256=BeFllnAu9v6cX6eeGeNoQf3rXs7ZOjAtjTNBQuAZ8-k,8087
-bitwarden_workflow_linter/default_settings.yaml,sha256=lgIKpirGuxRa06QCOxalPP9H-aObYhXFryrHkEKQNM0,572
+bitwarden_workflow_linter/default_actions.json,sha256=WU6olaa9ldyWRXDmVz8wtBcgE28BSjJc7Evt26GkFPY,11120
+bitwarden_workflow_linter/default_settings.yaml,sha256=2VwOcB0g3v4A2Kt2UgGFM0TSpfd6S0oNA0SkTa5tGJA,576
 bitwarden_workflow_linter/lint.py,sha256=RDHv5jGeGCf5XIHE8jyqQET3-cFykl7223SQVS4Q3pg,5525
 bitwarden_workflow_linter/load.py,sha256=Ece2bwSSYeQ1xQQEjjqY6DlCkwznFYLG56VW_VTxU4E,4472
 bitwarden_workflow_linter/rule.py,sha256=Qb60JiUDAWN3ayrMGoSbbDCSFmw-ql8djzAkxISaob4,3250
@@ -13,15 +13,15 @@ bitwarden_workflow_linter/models/job.py,sha256=nBK7_VYu6RRST7WLtdLsoRErl5j4Er8W9
 bitwarden_workflow_linter/models/step.py,sha256=1bKAtKZmHcO8O1e_HuoXxR1bwHDEXUssYo7EHOjY7QI,1711
 bitwarden_workflow_linter/models/workflow.py,sha256=MkqvIY4JX2eWFODNTodS_l4I8uUq08WCHy3C4kYcL0s,1395
 bitwarden_workflow_linter/rules/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-bitwarden_workflow_linter/rules/job_environment_prefix.py,sha256=HJeZhw1JVk4PTYZUY8C2j9wG5x5SqaNy_6WHHlZ_iM4,2531
-bitwarden_workflow_linter/rules/name_capitalized.py,sha256=XwRZ33OeQv_i7z_2Yf7TEgJNodOl5byXfegqfmhaTYQ,1914
+bitwarden_workflow_linter/rules/job_environment_prefix.py,sha256=sY1cBU5AeBHWSyun7gwnoS0ycRyBMjjVo_2lvanBj7U,2612
+bitwarden_workflow_linter/rules/name_capitalized.py,sha256=quuqXM_qg93UE8mQo1YQp8cQ_Fx6c2u03_19s_c0ntw,1981
 bitwarden_workflow_linter/rules/name_exists.py,sha256=MxcaNQz64JXeHRPiOip9BxJNgPdpKQa7Z51mDoNw2hU,1681
 bitwarden_workflow_linter/rules/pinned_job_runner.py,sha256=Dm6_sdPX0yFMji_y2LMFj4gWFaToEgauyBVpNRP2qiI,1606
-bitwarden_workflow_linter/rules/step_approved.py,sha256=xZE9x40P-C4SqOxjYN3ZHR4gxWSkYJFEfYwEzA2c05w,3287
-bitwarden_workflow_linter/rules/step_pinned.py,sha256=CSHbyeLx1uT8exRzOgFVc1dzMJGnbXhTHiteaoOLWUk,3390
-bitwarden_workflow_linter/rules/underscore_outputs.py,sha256=johfE2Qwb_ww4xbW5u-ug37wNZbHZgKdRYg339cxUR8,4381
-bitwarden_workflow_linter-0.2.1.dist-info/METADATA,sha256=-2gvyfTfmDQrjtDMT1kwxuISDAvoikpJkXj611PdvSI,6146
-bitwarden_workflow_linter-0.2.1.dist-info/WHEEL,sha256=C2FUgwZgiLbznR-k0b_5k3Ai_1aASOXDss3lzCUsUug,87
-bitwarden_workflow_linter-0.2.1.dist-info/entry_points.txt,sha256=SA_yF9CwL4VMUvdcmCd7k9rjsQNzfeOUBuDnMnaO8QQ,60
-bitwarden_workflow_linter-0.2.1.dist-info/licenses/LICENSE.txt,sha256=uY-7N9tbI7xc_c0WeTIGpacSCnsB91N05eCIg3bkaRw,35140
-bitwarden_workflow_linter-0.2.1.dist-info/RECORD,,
+bitwarden_workflow_linter/rules/step_approved.py,sha256=6XuYoasw2ME8vQu5G0ZygUSi7X5amLLWeXH81cqvKv8,3159
+bitwarden_workflow_linter/rules/step_pinned.py,sha256=fyqBjarR0UNQ6tU_ja0ZOi2afP942BMqOz5nU_yKzmw,3413
+bitwarden_workflow_linter/rules/underscore_outputs.py,sha256=w8pP1dTJEC9I2X5fQIAHDAEiaNP1xMhb4kPiF-dn8U0,4131
+bitwarden_workflow_linter-0.3.1.dist-info/METADATA,sha256=s7fNYZYIIfVgouZwoRFwAlxSlokQ18vqcaCZ5YGl6_s,6172
+bitwarden_workflow_linter-0.3.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+bitwarden_workflow_linter-0.3.1.dist-info/entry_points.txt,sha256=SA_yF9CwL4VMUvdcmCd7k9rjsQNzfeOUBuDnMnaO8QQ,60
+bitwarden_workflow_linter-0.3.1.dist-info/licenses/LICENSE.txt,sha256=uY-7N9tbI7xc_c0WeTIGpacSCnsB91N05eCIg3bkaRw,35140
+bitwarden_workflow_linter-0.3.1.dist-info/RECORD,,

{bitwarden_workflow_linter-0.2.1.dist-info → bitwarden_workflow_linter-0.3.1.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: hatchling 1.26.3
+Generator: hatchling 1.27.0
 Root-Is-Purelib: true
 Tag: py3-none-any