actions-digest

A command-line utility to resolve GitHub Action steps from git-ref actions/checkout@v2 to commit-sha actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579, written in Rust.

Using the commit SHA of a released action version is the safest for stability and security.

Source: GitHub Documentation

Usage

Please mind that actions-digest is in its infancy and very limited. Once run, it can currently not update the workflow files with newer versions of the steps it first digested.

By default, actions-digest will write the data to stdout and its logs to stderr:

actions-digest workflow.yaml

To replace the workflow file in-place:

actions-digest workflow.yaml | sponge workflow.yaml

sponge is part of moreutils. It soaks up standard input to write it to a file.

If you want to keep a resolve log, write stderr to a file like so:

actions-digest workflow.yaml 2> workflow.yaml.log | sponge workflow.yaml

To avoid running into GitHub API rate-limiting quickly, use a Personal Access Token (PAT):

export GITHUB_TOKEN=<PAT>

# or use -t|--github-token

actions-digest --github-token <PAT> workflow.yaml

Installation

From Source

Actions digest is written in Rust. If you have its toolchain installed, you can run this command to install:

Latest Release

cargo install actions-digest

Latest Development Release

cargo install --git 'https://github.com/hendrikmaus/actions-digest' --branch main

To uninstall, use cargo uninstall <name>.

License

This project is released under the terms of the MIT license.