ghasum as an Action #4

Open
ericcornelissen opened this issue Feb 17, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@ericcornelissen
Collaborator

Depends on #2

Summary

Make it convenient to run ghasum as part of a GitHub Actions workflow in order to continuously and at runtime check the integrity of the Actions in a workflow. To achieve this, I think it makes the most sense to offer ghasum as a GitHub Action.

Example

name: Example
on: [push]

jobs:
  example:
    name: example
    runs-on: ubuntu-latest
    steps:
    - name: Validate Actions Integrity
      uses: ericcornelissen/[email protected]
    - name: Checkout repository
      uses: actions/[email protected]
    # Rest ...

Goals

  • The Action should validate the integrity of the actions used in the current job.
  • Ideally this can validate the repositories as pulled by the GitHub Actions infrastructure.
@ericcornelissen
Collaborator Author

The ${{ github.action_path }} context value can be used to determine the location of the checked out action as ${{ github.action_path }}/../... This works both for "normal" jobs and jobs running in a container: (ref #43).

@ericcornelissen
Collaborator Author

This project has been using something like this (though not as an Action) for a while now, see e.g.:

https://github.com/ericcornelissen/ghasum/blob/64c3f1728a966fd77d85e1c9f73df22f8e85934d/.github/workflows/check.yml#L21-L27

which satisfies both of the goals stated in the original issue (i.e. "The Action should validate the integrity of the actions used in the current job." and "Ideally this can validate the repositories as pulled by the GitHub Actions infrastructure.").
