github
diff --git a/‎lib/actions-util.js‎
Lines changed: 7 additions & 4 deletions b/‎lib/actions-util.js‎
Lines changed: 7 additions & 4 deletions
diff --git a/‎lib/actions-util.js.map‎
Lines changed: 1 addition & 1 deletion b/‎lib/actions-util.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/actions-util.test.js‎
Lines changed: 49 additions & 0 deletions b/‎lib/actions-util.test.js‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎lib/actions-util.test.js.map‎
Lines changed: 1 addition & 1 deletion b/‎lib/actions-util.test.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/actions-util.test.ts‎
Lines changed: 60 additions & 0 deletions b/‎src/actions-util.test.ts‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎src/actions-util.ts‎
Lines changed: 10 additions & 4 deletions b/‎src/actions-util.ts‎
Lines changed: 10 additions & 4 deletions
@@ -336,6 +336,8 @@ test("validateWorkflow() when on.pull_request for mismatched wildcard branches",
 });
 
 test("validateWorkflow() when HEAD^2 is checked out", (t) => {
+  process.env.GITHUB_JOB = "test";
+
   const errors = actionsutil.validateWorkflow({
     on: ["push", "pull_request"],
     jobs: { test: { steps: [{ run: "git checkout HEAD^2" }] } },
@@ -432,3 +434,61 @@ on:
 
   t.deepEqual(errors, []);
 });
+
+test("validateWorkflow() should only report the current job's CheckoutWrongHead", (t) => {
+  process.env.GITHUB_JOB = "test";
+
+  const errors = actionsutil.validateWorkflow(
+    yaml.safeLoad(`
+name: "CodeQL"
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+jobs:
+  test:
+    steps:
+      - run: "git checkout HEAD^2"
+
+  test2:
+    steps:
+      - run: "git checkout HEAD^2"
+
+  test3:
+    steps: []
+`)
+  );
+
+  t.deepEqual(errors, [actionsutil.WorkflowErrors.CheckoutWrongHead]);
+});
+
+test("validateWorkflow() should not report a different job's CheckoutWrongHead", (t) => {
+  process.env.GITHUB_JOB = "test3";
+
+  const errors = actionsutil.validateWorkflow(
+    yaml.safeLoad(`
+name: "CodeQL"
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+jobs:
+  test:
+    steps:
+      - run: "git checkout HEAD^2"
+
+  test2:
+    steps:
+      - run: "git checkout HEAD^2"
+
+  test3:
+    steps: []
+`)
+  );
+
+  t.deepEqual(errors, []);
+});
@@ -211,17 +211,23 @@ export const WorkflowErrors = toCodedErrors({
 export function validateWorkflow(doc: Workflow): CodedError[] {
   const errors: CodedError[] = [];
 
-  // .jobs[key].steps[].run
-  for (const job of Object.values(doc?.jobs || {})) {
-    if (Array.isArray(job?.steps)) {
-      for (const step of job?.steps) {
+  const jobName = process.env.GITHUB_JOB;
+
+  if (jobName) {
+    const job = doc?.jobs?.[jobName];
+
+    const steps = job?.steps;
+
+    if (Array.isArray(steps)) {
+      for (const step of steps) {
         // this was advice that we used to give in the README
         // we actually want to run the analysis on the merge commit
         // to produce results that are more inline with expectations
         // (i.e: this is what will happen if you merge this PR)
         // and avoid some race conditions
         if (step?.run === "git checkout HEAD^2") {
           errors.push(WorkflowErrors.CheckoutWrongHead);
+          break;
         }
       }
     }