Only check the steps of the job currently being run

src/actions-util.test.ts

@@ -336,6 +336,8 @@ test("validateWorkflow() when on.pull_request for mismatched wildcard branches",
 });
 
 test("validateWorkflow() when HEAD^2 is checked out", (t) => {
+  process.env.GITHUB_JOB = "test";
+
   const errors = actionsutil.validateWorkflow({
     on: ["push", "pull_request"],
     jobs: { test: { steps: [{ run: "git checkout HEAD^2" }] } },
@@ -434,6 +436,8 @@ on:
 });
 
 test("validateWorkflow() should only report the first CheckoutWrongHead", (t) => {
+  process.env.GITHUB_JOB = "test";
+
   const errors = actionsutil.validateWorkflow(
     yaml.safeLoad(`
 name: "CodeQL"
@@ -447,9 +451,13 @@ jobs:
   test:
     steps:
       - run: "git checkout HEAD^2"
+
+  test2:
+    steps:
       - run: "git checkout HEAD^2"
-      - run: "git checkout HEAD^2"
-      - run: "git checkout HEAD^2"
+
+  test3:
+    steps:
       - run: "git checkout HEAD^2"
 `)
   );

src/actions-util.ts

@@ -211,18 +211,23 @@ export const WorkflowErrors = toCodedErrors({
 export function validateWorkflow(doc: Workflow): CodedError[] {
   const errors: CodedError[] = [];
 
-  // .jobs[key].steps[].run
-  outer: for (const job of Object.values(doc?.jobs || {})) {
-    if (Array.isArray(job?.steps)) {
-      for (const step of job?.steps) {
+  const jobName = process.env.GITHUB_JOB;
+
+  if (jobName) {
+    const job = doc?.jobs?.[jobName];
+
+    const steps = job?.steps;
+
+    if (Array.isArray(steps)) {
+      for (const step of steps) {
         // this was advice that we used to give in the README
         // we actually want to run the analysis on the merge commit
         // to produce results that are more inline with expectations
         // (i.e: this is what will happen if you merge this PR)
         // and avoid some race conditions
         if (step?.run === "git checkout HEAD^2") {
           errors.push(WorkflowErrors.CheckoutWrongHead);
-          break outer;
+          break;
         }
       }
     }