You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Consumers of your action will then be able to specify that version to consume your action from the package, e.g.
- uses: your-name/your-action@v1.2.3
- uses: your-name/your-action@v1
This is indistinguishable from the existing syntax for mutable actions, which I assume is for backwards compatibility reasons.
Is there anyway for a consumer or analysis tool to know what security guarantees to expect from an action (e.g. if pinning to a SHA is necessary for immutability)?
The text was updated successfully, but these errors were encountered:
The README shows the following example for consuming an immutable action:
This is indistinguishable from the existing syntax for mutable actions, which I assume is for backwards compatibility reasons.
Is there anyway for a consumer or analysis tool to know what security guarantees to expect from an action (e.g. if pinning to a SHA is necessary for immutability)?
The text was updated successfully, but these errors were encountered: