If you have an action or workflow already using a SHA and you run gh actlock it responds with
workflows/trivy-build-and-scan-docker-image.yml@85d3a1fb043d286a1d6b787814ec782dd415b169' on line 15 already pinned to SHA: 85d3a1fb043d286a1d6b787814ec782dd415b169
The desired outcome would be:
workflows/trivy-build-and-scan-docker-image.yml@85d3a1fb043d286a1d6b787814ec782dd415b169' on line 15 already pinned to SHA: 85d3a1fb043d286a1d6b787814ec782dd415b169 # vX.Y.Z
The SHA is for the computer. The version is for the human.
If you have an action or workflow already using a SHA and you run
gh actlockit responds withThe desired outcome would be:
The SHA is for the computer. The version is for the human.