v3.0.0

Pull Requests | Issues | v2.2.1...v3.0.0

⚠ Breaking Changes

Note

If you don't use pinact configuration file .pinact.yaml, you don't need to do anything.

#855 Change the default schema version to 3 and abandon the version 2

• The format of .files[].pattern is changed from regular expression to glob pattern
• .ignore_actions[].ref gets required
• .version gets required
• Regular expressions must match exactly

How To Migrate

1. Update pinact to v2.2.0 or later
2. Run pinact migrate command to fix pinact configuration file

pinact migrate

3. Convert regular expressions to glob patterns in .files[].pattern
4. Fix .ignore_actions[].name and .ignore_actions[].ref

Regular expressions must match exactly.

For instance, name: actions/ doesn't match actions/checkout.
You need to fix this to actions/.* if you want to ignore all actions under actions organization.

Why are these breaking changes necessary?

The format of .files[].pattern is changed from regular expression to glob pattern

• To simplify the implementation
  • To fix bugs
• In most cases, glob is sufficient

.ignore_actions[].ref gets required

To improve the security.
You should restrict ignored action versions as much as possible.

.version gets required

To migrate configuration automatically.

Regular expressions must match exactly

To improve the security.
Partial match can cause potential security issues.
For instance, ref: main matches malicious-main with pinact v2.1.0.
Probably this is undesirable. And it's hard to find this issue.
As of pinact v3, ref: main matches with only main.

Note

• #840
• #845
• #851