actions-digest

A command-line utility to resolve GitHub Action steps from git-ref actions/checkout@v2 to commit-sha actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579, written in Rust.

Using the commit SHA of a released action version is the safest for stability and security.

Source: [GitHub Documentation]

Usage

By default, actions-digest will write the data to stdout and its logs to stderr:

shell actions-digest workflow.yaml

To replace the workflow file in-place:

shell actions-digest workflow.yaml | sponge workflow.yaml

sponge is part of moreutils. It soaks up standard input to write it to a file.

If you want to keep a resolve log, write stderr to a file like so:

shell actions-digest workflow.yaml 2> workflow.yaml.log | sponge workflow.yaml

To avoid running into GitHub API rate-limiting quickly, use a Personal Access Token (PAT):

```shell export GITHUB_TOKEN=

or use -t|--github-token

actions-digest --github-token workflow.yaml ```

Installation

From Source

Actions digest is written in Rust. If you have its toolchain installed, you can run this command to install:

Latest Release

shell cargo install actions-digest

Latest Development Release

shell cargo install --git 'https://github.com/hendrikmaus/actions-digest' --branch main

To uninstall, use cargo uninstall <name>.

License

This project is released under the terms of the MIT license.