From c532eed650905c678fb2ad39592d04b0da082a72 Mon Sep 17 00:00:00 2001
From: Jeff Mendoza
Date: Fri, 1 Mar 2024 11:33:01 -0800
Subject: [PATCH] Fix parsing of github action name.

Signed-off-by: Jeff Mendoza
---
 pkg/policies/action/action.go | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/pkg/policies/action/action.go b/pkg/policies/action/action.go
index cfa8625d..cdfb4d5e 100644
--- a/pkg/policies/action/action.go
+++ b/pkg/policies/action/action.go
@@ -18,7 +18,6 @@ package action
 import (
 	"context"
 	"fmt"
-	"regexp"
 	"sort"
 	"strings"
 
@@ -34,8 +33,6 @@ import (
 const configFile = "actions.yaml"
 const polName = "GitHub Actions"
 
-var actionNameVersionRegex = regexp.MustCompile(`^([a-zA-Z0-9_\-.]+\/[a-zA-Z0-9_\-.]+)@([a-zA-Z0-9\-.]+)$`)
-
 const failText = "This policy, specified at the organization level, sets requirements for Action use by repos within the organization. This repo is failing to fully comply with organization policies, as explained below.\n\n```\n%s```\n\nSee the org-level %s policy configuration for details."
 
 const maxWorkflows = 50
@@ -270,8 +267,8 @@ func (a Action) Check(ctx context.Context, c *github.Client, owner,
 			// Missing uses in step
 			continue
 		}
-		sm := actionNameVersionRegex.FindStringSubmatch(actionStep.Uses.Value)
-		if sm == nil {
+		sm := strings.SplitN(actionStep.Uses.Value, "@", 2)
+		if len(sm) != 2 {
 			// Ignore invalid Action
 			log.Warn().
 				Str("org", owner).
@@ -281,8 +278,8 @@ func (a Action) Check(ctx context.Context, c *github.Client, owner,
 				Msg("Ignoring invalid action")
 			continue
 		}
-		name := sm[1]
-		version := sm[2]
+		name := sm[0]
+		version := sm[1]
 		actions = append(actions, &actionMetadata{
 			name: name,
 			version: version,
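Review bot: The new guard `if len(sm) != 2 {` accepts an empty name or version, because `strings.SplitN` still returns two parts for a value like `@v1` or `actions/checkout@`; the removed regex rejected both, so such entries now reach the `actionMetadata` list instead of the "Ignoring invalid action" path. The plain split also admits forms the regex excluded, such as a name with a subpath or a `docker://` reference, and since this list feeds the org-level policy evaluation the accepted shape should be deliberate: if the widening is the intent of the fix, a comment on the split line saying which `uses:` forms are now passed through would help the next reader, and if not, tighten the guard to `if len(sm) != 2 || sm[0] == "" || sm[1] == "" {`. The later hunk that switches to `sm[0]`/`sm[1]` is the index half of the same change and needs nothing further. If the module's Go version allows it, `name, version, ok := strings.Cut(actionStep.Uses.Value, "@")` expresses the split more directly and removes the index lines altogether. Check begins and ends outside the hunk.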