zgosalvez
diff --git a/Diff for: ‎README.md
+1 b/Diff for: ‎README.md
+1
diff --git a/Diff for: ‎action.yml
+3 b/Diff for: ‎action.yml
+3
diff --git a/Diff for: ‎dist/index.js
+12-3 b/Diff for: ‎dist/index.js
+12-3
diff --git a/Diff for: ‎dist/index.js.map
+1-1 b/Diff for: ‎dist/index.js.map
+1-1
diff --git a/Diff for: ‎src/index.js
+12-3 b/Diff for: ‎src/index.js
+12-3
@@ -16,6 +16,7 @@ For more information on these inputs, see the [Workflow syntax for GitHub Action
     aws-actions/          # Trust all actions published by aws-actions
     docker/login-action   # Trust docker's login-action only
 ```
+- `dry_run`: Set to `true` to show warnings instead of failing. Optional. Default: `false` (fail on any error)
 
 ### Outputs
 None. This action will throw an error if it finds GitHub Actions that are not pinned to full length commit SHAs.
 
@@ -12,3 +12,6 @@ branding:
 inputs:
   allowlist:
     description: 'The list of owners or repositories that will be ignored and will not throw an error. Each entry must be on a new line. Optional. Default: `` (deny all)'
+  dry_run:
+    description: 'Set to `true` to show warnings instead of failing. Optional. Default: `false` (fail on any error)'
+    default: false
@@ -8,6 +8,7 @@ const yaml = require('yaml');
 async function run() {
   try {
     const allowlist = core.getInput('allowlist');
+    const isDryRun = core.getInput('dry_run') === 'true' ? true : false;
     const workflowsPath = process.env['ZG_WORKFLOWS_PATH'] || '.github/workflows';
     const globber = await glob.create([workflowsPath + '/*.yaml', workflowsPath + '/*.yml'].join('\n'));
     let actionHasError = false;
@@ -34,7 +35,7 @@ async function run() {
             actionHasError = true;
             fileHasError = true;
 
-            core.error(`${uses} is not pinned to a full length commit SHA.`);
+            reportError(`${uses} is not pinned to a full length commit SHA.`, isDryRun);
           }
         } else if (steps !== undefined) {
           for (const step of steps) {
@@ -44,7 +45,7 @@ async function run() {
               actionHasError = true;
               fileHasError = true;
 
-              core.error(`${uses} is not pinned to a full length commit SHA.`);
+              reportError(`${uses} is not pinned to a full length commit SHA.`, isDryRun);
             }
           }
         } else {
@@ -59,7 +60,7 @@ async function run() {
       core.endGroup();
     }
 
-    if (actionHasError) {
+    if (!isDryRun && actionHasError) {
       throw new Error('At least one workflow contains an unpinned GitHub Action version.');
     }
   } catch (error) {
@@ -91,3 +92,11 @@ function assertUsesAllowlist(uses, allowlist) {
 
   return isAllowed;
 }
+
+function reportError(message, isDryRun) {
+  if (isDryRun) {
+    core.warning(message);
+  } else {
+    core.error(message);
+  }
+}