skip comments in allowlist

[Automaat]

Hello, in Kuma we use this action, and we added comment to allowlist to preserve information why we've added comment why certain action was allowlisted: kumahq/.github#159 unfortunately this does not work as action treats whole line as prefix for action name, so comment is also taken into account, it would be nice to escape comments in allow list.

Code with the actual issue:

github-actions-ensure-sha-pinned-actions/src/index.js

Lines 83 to 96 in fc87bb5

	function assertUsesAllowlist(uses, allowlist) {
	if (!allowlist) {
	return false;
	}
	const action = uses.substr(0, uses.indexOf('@'));
	const isAllowed = allowlist.split(/\r?\n/).some((allow) => action.startsWith(allow));
	if(isAllowed) {
	core.info(`${action} matched allowlist — ignoring action.`)
	}
	return isAllowed;
	}