Skip to content

test #381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
suzuki-shunsuke wants to merge 6 commits into
base: main
Choose a base branch
from
Open

test #381

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
97c634c
test
suzuki-shunsuke May 23, 2026
6bc1c69
test
suzuki-shunsuke May 23, 2026
c894b94
fix
suzuki-shunsuke May 23, 2026
83b3595
test
suzuki-shunsuke May 23, 2026
86100ff
debug
suzuki-shunsuke May 23, 2026
415020b
test
suzuki-shunsuke May 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 11 additions & 10 deletions .github/workflows/test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,20 +1,21 @@
---
name: test
on:
pull_request:
types: [closed]
pull_request_review:
types: [submitted]
on: pull_request
jobs:
test:
if: |
endsWith(github.event.pull_request.user.login, '[bot]') &&
((github.event_name == 'pull_request_review' && github.event.review.state == 'approved') ||
github.event_name == 'pull_request')
runs-on: ubuntu-24.04
timeout-minutes: 15
permissions:
pull-requests: write
contents: read
steps:
- uses: suzuki-shunsuke/notify-bot-pr-event-action@pr/1
- uses: suzuki-shunsuke/pr-unified-diff-action@v0.0.1

Check failure on line 12 in .github/workflows/test.yaml

View workflow job for this annotation

GitHub Actions / test

pinact error 

action can't be pinned
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Confirm unpinned refs in this workflow
rg -nP '^\s*-\s*uses:\s*[^@]+@[^0-9a-f]{40}\b' .github/workflows/test.yaml

# Resolve current refs to immutable SHAs (read-only)
gh api repos/suzuki-shunsuke/pr-unified-diff-action/commits/v0.0.1 --jq '.sha'
gh api repos/suzuki-shunsuke/pinact-action/commits/pr/1065 --jq '.sha'

Repository: szksh-lab-2/test-github-action

Length of output: 56

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== test.yaml =="
nl -ba .github/workflows/test.yaml | sed -n '1,120p'

echo
echo "== uses lines =="
rg -n --fixed-string "uses:" .github/workflows/test.yaml

echo
echo "== non-SHA uses pattern matches =="
rg -nP '^\s*-\s*uses:\s*[^@]+@[^0-9a-f]{40}\b' .github/workflows/test.yaml || true

Repository: szksh-lab-2/test-github-action

Length of output: 151

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== tooling =="
command -v rg || true
command -v cat || true
command -v sed || true
command -v awk || true

echo
echo "== test.yaml (numbered) =="
cat -n .github/workflows/test.yaml | sed -n '1,200p'

echo
echo "== lines containing 'uses:' =="
rg -n "uses:" .github/workflows/test.yaml 2>/dev/null || true

echo
echo "== non-SHA uses pattern matches =="
rg -nP '^\s*-\s*uses:\s*[^@]+@[^0-9a-f]{40}\b' .github/workflows/test.yaml 2>/dev/null || true

Repository: szksh-lab-2/test-github-action

Length of output: 1016

🌐 Web query:

Find the commit SHA for suzuki-shunsuke/pr-unified-diff-action tag v0.0.1

💡 Result:

I can’t determine the commit SHA for tag v0.0.1 in suzuki-shunsuke/pr-unified-diff-action from the sources retrieved so far. The GitHub repo page shows that a release/tag v0.0.1 exists, but the commit SHA that v0.0.1 points to is not included in the surfaced content snippets [1]. To get the exact SHA, you’d typically open the tag/release entry for v0.0.1 and read the commit it references (e.g., the “tag” or “commit” page for v0.0.1).

Citations:

🌐 Web query:

Find the commit SHA for suzuki-shunsuke/pinact-action corresponding to pull request #1065 (refs: pr/1065)

💡 Result:

I couldn’t retrieve the commit SHA for suzuki-shunsuke/pinact-action pull request #1065 (refs: pr/1065) from the sources available in the searches I ran. The search results returned commits/PRs for other numbers (e.g., #1491 for pinact-action version bump, and unrelated pinact PRs) but no page or API snippet for pinact-action PR #1065 that includes its merge/HEAD commit SHA. If you want, I can try one more targeted lookup specifically for the PR page (pinact-action/pull/1065) or the PR refs endpoint (refs/pull/1065) to extract the exact SHA.

Citations:

Pin GitHub Actions uses refs to commit SHAs in .github/workflows/test.yaml.

  • .github/workflows/test.yaml uses non-SHA refs: suzuki-shunsuke/pr-unified-diff-action@v0.0.1 (line 12) and suzuki-shunsuke/pinact-action@pr/1065 (line 17). Replace both with immutable 40-char commit SHAs.
🔧 Proposed change 
-      - uses: suzuki-shunsuke/pr-unified-diff-action@v0.0.1
+      - uses: suzuki-shunsuke/pr-unified-diff-action@<40-char-commit-sha>
         id: diff
@@
-      - uses: suzuki-shunsuke/pinact-action@pr/1065
+      - uses: suzuki-shunsuke/pinact-action@<40-char-commit-sha>
🧰 Tools
🪛 GitHub Actions: test / 0_test.txt

[error] 12-12: pinact run failed: failed to handle a line. ERROR: action can't be pinned. Unpinned GitHub Action reference: 'suzuki-shunsuke/pr-unified-diff-action@v0.0.1'.

🪛 GitHub Actions: test / test

[error] 12-12: pinact failed: action can't be pinned. Pinact reported: "failed to handle a line: action can't be pinned" for step using suzuki-shunsuke/pr-unified-diff-action@v0.0.1.

🪛 GitHub Check: test

[failure] 12-12: pinact error
action can't be pinned

🪛 zizmor (1.25.2)

[error] 12-12: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/test.yaml at line 12, The workflow uses mutable refs for
actions; replace the non-SHA refs
"suzuki-shunsuke/pr-unified-diff-action@v0.0.1" and
"suzuki-shunsuke/pinact-action@pr/1065" with their corresponding immutable
40-character commit SHAs (i.e., change the @<tag/branch> suffix to
@<40-char-commit-sha>) so the actions are pinned; update both occurrences in
.github/workflows/test.yaml ensuring each uses a full 40-character commit SHA
string.

id: diff
- run: cat "$DIFF_FILE"
env:
DIFF_FILE: ${{ steps.diff.outputs.diff_path }}
- uses: suzuki-shunsuke/pinact-action@pr/1065

Check failure on line 17 in .github/workflows/test.yaml

View workflow job for this annotation

GitHub Actions / test

pinact error 

action can't be pinned
with:
no_api: true
fix: false
diff_file: ${{ steps.diff.outputs.diff_path }}
Loading