Merge pull request #2552 from vamshi-stepsecurity/bug/wild-card-for-action

varunsh-coder · web-flow · commit 1a3db37c9c49 · 2025-11-21T00:46:19.000-08:00
add more test cases
diff --git a/remediation/workflow/pin/pinactions_test.go b/remediation/workflow/pin/pinactions_test.go
@@ -33,6 +33,21 @@ func TestPinActions(t *testing.T) {
 				}
 			]`))
 
+	httpmock.RegisterResponder("GET", "https://api.github.com/repos/evans/shield/commits/v1",
+		httpmock.NewStringResponder(200, `a700eac5bf2a1c7a8cb6da0c13f93ed96fd53dbd`))
+
+	httpmock.RegisterResponder("GET", "https://api.github.com/repos/evans/shield/git/matching-refs/tags/v1.",
+		httpmock.NewStringResponder(200,
+			`[
+				{
+					"ref": "refs/tags/v1.0.3",
+					"object": {
+					"sha": "a700eac5bf2a1c7a8cb6da0c13f93ed96fd53dbd",
+					"type": "commit"
+					}
+				}
+			]`))
+
 	httpmock.RegisterResponder("GET", "https://api.github.com/repos/actions/checkout/commits/master",
 		httpmock.NewStringResponder(200, `61b9e3751b92087fd0b06925ba6dd6314e06f089`))
 
@@ -308,7 +323,7 @@ func TestPinActions(t *testing.T) {
 		{fileName: "actionwithcomment.yml", wantUpdated: true, pinToImmutable: true},
 		{fileName: "repeatedactionwithcomment.yml", wantUpdated: true, pinToImmutable: true},
 		{fileName: "immutableaction-1.yml", wantUpdated: true, pinToImmutable: true},
-		{fileName: "exemptaction.yml", wantUpdated: true, exemptedActions: []string{"actions/checkout", "rohith/*", "praveen/*", "aman-*/*", "*/seperate*"}, pinToImmutable: true},
+		{fileName: "exemptaction.yml", wantUpdated: true, exemptedActions: []string{"actions/checkout", "rohith/*", "praveen/*", "aman-*/*", "*/seperate*", "starc/*"}, pinToImmutable: true},
 		{fileName: "donotpintoimmutable.yml", wantUpdated: true, pinToImmutable: false},
 		{fileName: "invertedcommas.yml", wantUpdated: true, pinToImmutable: false},
 		{fileName: "pinusingmap.yml", wantUpdated: true, pinToImmutable: true},
@@ -330,6 +345,7 @@ func TestPinActions(t *testing.T) {
 			actionCommitMap = map[string]string{
 				"peter-evans-test/close-issue@v1": "a700eac5bf2a1c7a8cb6da0c13f93ed96fd53vam",
 				"peter-check/close-issue@v1.2.3":  "a700eac5bf2a1c7a8cb6da0c13f93ed96fd53tom",
+				"evans/shield-test/@v1.2.5":       "a700eac5bf2a1c7a8cb6da0c13f93ed96fd53cat",
 			}
 		}
 
diff --git a/testfiles/pinactions/input/basic.yml b/testfiles/pinactions/input/basic.yml
@@ -11,6 +11,12 @@ jobs:
     steps:
     - name: Close Issue
       uses: peter-evans/close-issue@v1
+      with:
+       issue-number: 1
+       comment: Auto-closing issue
+       
+    - name: test case
+      uses: evans/shield/@v1
       with:
        issue-number: 1
        comment: Auto-closing issue
diff --git a/testfiles/pinactions/input/exemptaction.yml b/testfiles/pinactions/input/exemptaction.yml
@@ -62,6 +62,14 @@ jobs:
       - name: publish on version change 2
         id: publish_nuget
         uses: smith/seperate/from-version@v2
+        with:
+          PROJECT_FILE_PATH: Core/Core.csproj
+          NUGET_KEY: ${{ secrets.GITHUB_TOKEN }}
+          NUGET_SOURCE: https://nuget.pkg.github.com/OWNER/index.json
+
+      - name: publish on version change 2
+        id: publish_nuget
+        uses: starc/swing/from-version/@v2
         with:
           PROJECT_FILE_PATH: Core/Core.csproj
           NUGET_KEY: ${{ secrets.GITHUB_TOKEN }}
diff --git a/testfiles/pinactions/input/pinusingmap.yml b/testfiles/pinactions/input/pinusingmap.yml
@@ -23,6 +23,12 @@ jobs:
 
     - name: Close Issue
       uses: peter-check/close-issue@v1.2.3
+      with:
+       issue-number: 1
+       comment: Auto-closing issue
+
+    - name: test case
+      uses: evans/shield-test/@v1.2.5
       with:
        issue-number: 1
        comment: Auto-closing issue
diff --git a/testfiles/pinactions/output/basic.yml b/testfiles/pinactions/output/basic.yml
@@ -11,6 +11,12 @@ jobs:
     steps:
     - name: Close Issue
       uses: peter-evans/close-issue@a700eac5bf2a1c7a8cb6da0c13f93ed96fd53dbe # v1.0.3
+      with:
+       issue-number: 1
+       comment: Auto-closing issue
+       
+    - name: test case
+      uses: evans/shield/@a700eac5bf2a1c7a8cb6da0c13f93ed96fd53dbd # v1.0.3
       with:
        issue-number: 1
        comment: Auto-closing issue
diff --git a/testfiles/pinactions/output/exemptaction.yml b/testfiles/pinactions/output/exemptaction.yml
@@ -62,6 +62,14 @@ jobs:
       - name: publish on version change 2
         id: publish_nuget
         uses: smith/seperate/from-version@v2
+        with:
+          PROJECT_FILE_PATH: Core/Core.csproj
+          NUGET_KEY: ${{ secrets.GITHUB_TOKEN }}
+          NUGET_SOURCE: https://nuget.pkg.github.com/OWNER/index.json
+
+      - name: publish on version change 2
+        id: publish_nuget
+        uses: starc/swing/from-version/@v2
         with:
           PROJECT_FILE_PATH: Core/Core.csproj
           NUGET_KEY: ${{ secrets.GITHUB_TOKEN }}
diff --git a/testfiles/pinactions/output/pinusingmap.yml b/testfiles/pinactions/output/pinusingmap.yml
@@ -23,6 +23,12 @@ jobs:
 
     - name: Close Issue
       uses: peter-check/close-issue@a700eac5bf2a1c7a8cb6da0c13f93ed96fd53tom # v1.2.3
+      with:
+       issue-number: 1
+       comment: Auto-closing issue
+
+    - name: test case
+      uses: evans/shield-test/@a700eac5bf2a1c7a8cb6da0c13f93ed96fd53cat # v1.2.5
       with:
        issue-number: 1
        comment: Auto-closing issue
