fix pinning docker issue

Author: Devils-Knight

remediation/workflow/pin/pindocker.go

@@ -28,7 +28,7 @@ func PinDocker(inputYaml string) (string, bool, error) {
 	for jobName, job := range workflow.Jobs {
 
 		for _, step := range job.Steps {
-			if len(step.Uses) > 0 && strings.HasPrefix(step.Uses, "docker://") {
+			if len(step.Uses) > 0 && strings.HasPrefix(step.Uses, "docker://") && !strings.Contains(step.Uses, "@") {
 				localUpdated := false
 				out, localUpdated = pinDocker(step.Uses, jobName, out)
 				updated = updated || localUpdated
@@ -68,6 +68,8 @@ func pinDocker(action, jobName, inputYaml string) (string, bool) {
 
 	pinnedAction := fmt.Sprintf("%s:%s@%s # %s", leftOfAt[0], leftOfAt[1], imghash.String(), tag)
 	inputYaml = strings.ReplaceAll(inputYaml, action, pinnedAction)
+	// Revert the extra hash for already pinned docker actions
+	inputYaml = strings.ReplaceAll(inputYaml, pinnedAction+"@", action+"@")
 	updated = !strings.EqualFold(action, pinnedAction)
 	return inputYaml, updated
 }

testfiles/pindockers/input/dockeraction.yml

@@ -38,7 +38,7 @@ jobs:
       with:
         args: sh -c "cd conker && make --jobs"
     - name: Perform make replace
-      uses: docker://docker.io/markstreet/conker:latest
+      uses: docker://docker.io/markstreet/conker@sha256:1efef3bbdd297d1b321b9b4559092d3131961913bc68b7c92b681b4783d563f0 # latest
       with:
         args: sh -c "cd conker && make replace"