Jobs with multiple steps will not fail if the last step is pinned #133

wadells · 2023-11-28T23:25:22Z

When a workflow has both pinned and unpinned steps, only the status of the final step is used to determine if the overall job should pass or fail. Consider the following workflow:

on:
  push:

name: Continuous Integration

jobs:
  check-github-actions:
    name: Check GitHub Actions
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Ensure SHA pinned actions
        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b35f285b9bb7e80de0967367cee66d3b6d50ceca # v3.0.1

This will pass because zgosalvez/github-actions-ensure-sha-pinned-actions is pinned (and the last step), whereas the earlier actions/checkout should cause the job to fail. If a 2nd actions/checkout@v4 is added after the pinned step, the job will no longer pass.

Tested using v3.0.1.

The text was updated successfully, but these errors were encountered:

wadells · 2023-11-28T23:27:08Z

I believe this was introduced in #127, where jobHasError was added.

wadells mentioned this issue Nov 28, 2023

Fix "last step wins" error #132

Merged

wadells mentioned this issue Nov 29, 2023

Add GitHub Action to lint incoming GitHub Actions gravitational/shared-workflows#188

Merged

zgosalvez closed this as completed in #132 Dec 3, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Jobs with multiple steps will not fail if the last step is pinned #133

Jobs with multiple steps will not fail if the last step is pinned #133

wadells commented Nov 28, 2023 •

edited

Loading

wadells commented Nov 28, 2023

Jobs with multiple steps will not fail if the last step is pinned #133

Jobs with multiple steps will not fail if the last step is pinned #133

Comments

wadells commented Nov 28, 2023 • edited Loading

wadells commented Nov 28, 2023

wadells commented Nov 28, 2023 •

edited

Loading