fix merge conflicts (#16)

* fix merge conflicts * fixing merge conflicts again * Refactor for sensitivity * Adds tests Co-authored-by: Zennon Gosalvez <1798166+zgosalvez@users.noreply.github.com>
zgosalvez · Feb 13, 2022 · a397475 · a397475
1 parent 0b552a1
commit a397475
Show file tree

Hide file tree

Showing 9 changed files with 77 additions and 4,767 deletions.
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -0,0 +1,9 @@
+# Welcome to the contributing guide
+
+Thank you for investing your time in contributing to our project!
+
+In this guide you will get an overview of the contribution workflow from opening an issue, creating a PR, reviewing, and merging the PR.
+
+## Requirements
+
+Any PR affecting the functionality in the `src` folder must have a corresponding `test`.
diff --git a/README.md b/README.md
@@ -8,7 +8,14 @@ This GitHub Action (written in JavaScript) allows you to leverage GitHub Actions
 Create a workflow `.yml` file in your `.github/workflows` directory. An [example workflow](#common-workflow) is available below. For more information, reference the GitHub Help Documentation for [Creating a workflow file](https://help.github.com/en/articles/configuring-a-workflow#creating-a-workflow-file).
 
 ### Inputs
-None. This action will automatically scan for workflows in the `.github/workflows` directory.
+For more information on these inputs, see the [Workflow syntax for GitHub Actions](https://docs.github.com/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepswith)
+
+- `allowlist`: The list of owners or repositories that will be ignored and will not throw an error. Each entry must be on a new line. Optional. Default: `` (deny all). For example,
+```yaml
+  allowlist: |
+    aws-actions/          # Trust all actions published by aws-actions
+    docker/login-action   # Trust docker's login-action only
+```
 
 ### Outputs
 None. This action will throw an error if it finds GitHub Actions that are not pinned to full length commit SHAs.
@@ -30,7 +37,14 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
       - name: Ensure SHA pinned actions
         uses: zgosalvez/github-actions-ensure-sha-pinned-actions@v1.0.1 # Replace this
+        with:
+          allowlist: |
+            aws-actions/
+            docker/login-action
 ```
 
+## Contributing
+See [the contributing guide](.github/CONTRIBUTING) for detailed instructions on how to get started with our project.
+
 ## License
 The scripts and documentation in this project are released under the [MIT License](LICENSE)
diff --git a/action.yml b/action.yml
@@ -8,4 +8,7 @@ runs:
   main: 'dist/index.js'
 branding:
   icon: shield
-  color: gray-dark
+  color: gray-dark
+inputs:
+  allowlist:
+    description: 'The list of owners or repositories that will be ignored and will not throw an error. Each entry must be on a new line. Optional. Default: `` (deny all)'
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map