Description
When resolve_latest() returns "" (non-200 HTTP response from the GitHub Releases API), the main loop hits [[ -z "${latest}" ]] and calls continue, which skips the IGNORE_PIN check entirely. A caller who pinned a lib with .lerianstudiolibignore (e.g. lib-commons/v5@v5.3.0) will see the lib reported as _unknown_ instead of being compared against the pinned minimum version.
The README contract says: "Pin to a specific version — only fail if behind THIS version, not latest." That contract is broken when the API is degraded.
Affected code
src/validate/lerian-lib-version/action.yml — lines 283-298
```bash
latest=$(resolve_latest "${repo}" "${major_filter}")
if [[ -z "${latest}" ]]; then
  UNKNOWN=$((UNKNOWN+1))
  # ...
  continue # ← IGNORE_PIN check is never reached
fi
# Pinned ignore: latest target becomes the pinned version
target="${latest}"
if [[ -n "${IGNORE_PIN[${short_path}]:-}" ]]; then
  target="${IGNORE_PIN[${short_path}]}"
fi
```
Fix
Check IGNORE_PIN before calling resolve_latest. When a pin exists, skip the API call entirely and use the pin as the target:
```bash
marker_suffix=""
if [[ -n "${IGNORE_PIN[${short_path}]:-}" ]]; then
  target="${IGNORE_PIN[${short_path}]}"
  latest="${target}"
  marker_suffix=" (pinned)"
else
  latest=$(resolve_latest "${repo}" "${major_filter}")
  if [[ -z "${latest}" ]]; then
    UNKNOWN=$((UNKNOWN+1))
    printf '...' >> "${ROWS_FILE}"
    log "::warning ..."
    continue
  fi
  target="${latest}"
fi
```
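The two orderings side by side, reduced to a portable shell harness (an added example, not the action's own code). `resolve_latest` is stubbed to simulate a non-200 response; `API_UP`, `pin_for`, `resolve_target_before`, `resolve_target_after`, the `lib-auth/v2` entry and the version `v5.4.1` are constructed for illustration, and a `case` lookup stands in for the `IGNORE_PIN` array.

```shell
# Constructed harness: a degraded Releases API plus one pinned lib.
API_UP=0   # 0 = API answers non-200, so resolve_latest yields ""

resolve_latest() {
  # Stub for the action's resolve_latest(): empty string on API failure.
  if [ "${API_UP}" -eq 1 ]; then printf 'v5.4.1'; fi
}

pin_for() {
  # Stand-in for the IGNORE_PIN lookup built from .lerianstudiolibignore.
  case "$1" in
    lib-commons/v5) printf 'v5.3.0' ;;
  esac
}

# Ordering from the affected code: API first, pin second.
resolve_target_before() {
  latest=$(resolve_latest "$1")
  if [ -z "${latest}" ]; then
    printf '_unknown_'   # early exit: the pin is never consulted
    return 0
  fi
  pin=$(pin_for "$1")
  if [ -n "${pin}" ]; then printf '%s' "${pin}"; else printf '%s' "${latest}"; fi
}

# Ordering from the fix: pin first, API only when no pin exists.
resolve_target_after() {
  pin=$(pin_for "$1")
  if [ -n "${pin}" ]; then
    printf '%s' "${pin}"
    return 0
  fi
  latest=$(resolve_latest "$1")
  if [ -z "${latest}" ]; then printf '_unknown_'; else printf '%s' "${latest}"; fi
}

# Compare both orderings for a pinned and an unpinned lib.
for lib in lib-commons/v5 lib-auth/v2; do
  printf '%-16s before=%-10s after=%s\n' "${lib}" \
    "$(resolve_target_before "${lib}")" "$(resolve_target_after "${lib}")"
done
```

With the API healthy (`API_UP=1`) both orderings return the same target, so the regression only shows up in a test that forces `resolve_latest` to return an empty string.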
Priority
Low — requires API degradation AND a pin to be configured simultaneously.