Motivation
This comment on GitHub Action versions in GitHub workflows emphasizes the importance of taking measures to reduce the risk of being affected by supply chain attacks. One measure is pinning the GitHub Actions in our workflows by commit hash rather than by tag.
How to test
Just see the workflows work.