@@ -59,31 +59,68 @@ export function parseFromInputFile(actionsToAuditFilename) {
5959}
6060
6161// Regex to spot, e.g. Download action repository 'actions/checkout@v4' (SHA:11bd71901bbe5b1630ceea73d27597364c9af683)
62- const actionRegex = / ^ D o w n l o a d a c t i o n r e p o s i t o r y ' ( .+ ?) ' \( S H A : ( .+ ?) \) / ;
62+ const mutableActionPrefix = "Download action repository '" ;
63+ const mutableActionRegex = / ^ D o w n l o a d a c t i o n r e p o s i t o r y ' ( [ ^ ' ] + ?) ' \( S H A : ( [ ^ ) ] + ?) \) / ;
64+ const immutableActionPrefix = "##[group]Download immutable action package '" ;
65+ const immutableActionRegex = / ^ # # \[ g r o u p \] D o w n l o a d i m m u t a b l e a c t i o n p a c k a g e ' ( [ ^ ' ] + ?) ' / ;
6366
6467export function searchForActionsLines ( logContent ) {
6568 const logLines = logContent . split ( "\n" ) ;
6669 const actions = [ ] ;
6770 let foundActions = false ;
71+ let inImmutableGroup = false ;
72+ let immutableAction = { } ;
6873
6974 for ( const line of logLines ) {
7075 // separate the timestamp from the data
7176 const data = line . split ( " " ) . slice ( 1 ) . join ( " " ) ;
7277 if ( data == undefined ) {
7378 continue ;
7479 }
75- if ( data . startsWith ( "Download action repository '" ) ) {
80+ if ( data . startsWith ( mutableActionPrefix ) ) {
7681 foundActions = true ;
77- const match = actionRegex . exec ( data ) ;
82+ const match = mutableActionRegex . exec ( data ) ;
7883 if ( match ) {
7984 const action = match [ 1 ] ;
8085 const sha = match [ 2 ] ;
8186
8287 const [ repo , version ] = action . split ( "@" ) ;
8388 actions . push ( [ repo , version , sha ] ) ;
8489 }
85- // quit processing the log after the first line that is not an action, if we already found actions
90+ } else if ( data . startsWith ( immutableActionPrefix ) ) {
91+ foundActions = true ;
92+ inImmutableGroup = true ;
93+ const match = immutableActionRegex . exec ( data ) ;
94+ if ( match ) {
95+ const action = match [ 1 ] ;
96+ const tag = match [ 2 ] ;
97+
98+ immutableAction = {
99+ action : action ,
100+ tag : tag ,
101+ version : null ,
102+ sha : null ,
103+ digest : null ,
104+ }
105+ }
106+ } else if ( inImmutableGroup && data . startsWith ( "##[endgroup]" ) ) {
107+ actions . push ( [ immutableAction . action , ] )
108+ inImmutableGroup = false ;
109+ } else if ( inImmutableGroup ) {
110+ const versionMatch = data . match ( / V e r s i o n : ( [ a - z A - Z 0 - 9 . _ - ] + ) / ) ;
111+ const shaMatch = data . match ( / S o u r c e c o m m i t S H A : ( [ a - f 0 - 9 ] { 40 , } ) / ) ;
112+ const digestMatch = data . match ( / D i g e s t : s h a 2 5 6 : [ a - f 0 - 9 ] { 64 } / ) ;
113+ if ( versionMatch ) {
114+ immutableAction . version = versionMatch [ 1 ] ;
115+ }
116+ if ( shaMatch ) {
117+ immutableAction . sha = shaMatch [ 1 ] ;
118+ }
119+ if ( digestMatch ) {
120+ immutableAction . digest = digestMatch [ 0 ] ;
121+ }
86122 } else if ( foundActions ) {
123+ // quit processing the log after the first line that is not an action, if we already found actions
87124 break ;
88125 }
89126 }
0 commit comments