fix merge conflicts (#16)

* fix merge conflicts

* fixing merge conflicts again

* Refactor for sensitivity

* Adds tests

Co-authored-by: Zennon Gosalvez <[email protected]>

Author: nackerman-nydig

.github/CONTRIBUTING.md

@@ -0,0 +1,9 @@
+# Welcome to the contributing guide
+
+Thank you for investing your time in contributing to our project!
+
+In this guide you will get an overview of the contribution workflow from opening an issue, creating a PR, reviewing, and merging the PR.
+
+## Requirements
+
+Any PR affecting the functionality in the `src` folder must have a corresponding `test`.

README.md

@@ -8,7 +8,14 @@ This GitHub Action (written in JavaScript) allows you to leverage GitHub Actions
 Create a workflow `.yml` file in your `.github/workflows` directory. An [example workflow](#common-workflow) is available below. For more information, reference the GitHub Help Documentation for [Creating a workflow file](https://help.github.com/en/articles/configuring-a-workflow#creating-a-workflow-file).
 
 ### Inputs
-None. This action will automatically scan for workflows in the `.github/workflows` directory.
+For more information on these inputs, see the [Workflow syntax for GitHub Actions](https://docs.github.com/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepswith)
+
+- `allowlist`: The list of owners or repositories that will be ignored and will not throw an error. Each entry must be on a new line. Optional. Default: `` (deny all). For example,
+```yaml
+  allowlist: |
+    aws-actions/          # Trust all actions published by aws-actions
+    docker/login-action   # Trust docker's login-action only
+```
 
 ### Outputs
 None. This action will throw an error if it finds GitHub Actions that are not pinned to full length commit SHAs.
@@ -30,7 +37,14 @@ jobs:
         uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
       - name: Ensure SHA pinned actions
         uses: zgosalvez/[email protected] # Replace this
+        with:
+          allowlist: |
+            aws-actions/
+            docker/login-action
 ```
 
+## Contributing
+See [the contributing guide](.github/CONTRIBUTING) for detailed instructions on how to get started with our project.
+
 ## License
 The scripts and documentation in this project are released under the [MIT License](LICENSE)

action.yml

@@ -8,4 +8,7 @@ runs:
   main: 'dist/index.js'
 branding:
   icon: shield
-  color: gray-dark
+  color: gray-dark
+inputs:
+  allowlist:
+    description: 'The list of owners or repositories that will be ignored and will not throw an error. Each entry must be on a new line. Optional. Default: `` (deny all)'