Closed Schwartz-Matthew-bah closed 1 month ago
bluesentinelsec
commented
1 month ago Thank you for the feedback.
I think your request is valid and aligns with what we see in successful projects like actions/checkout.
We will investigate this as part of our next release.
I will try to give you advanced notice when we have firm dates for the next release.
bluesentinelsec
commented
1 month ago Our latest release, v1.1.4 is now tagged with v1.
To use this, you'll have to update your workflows like so:
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1You can still lock to specific versions if you need deterministic results:
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.4Thank you again for raising this, as it makes consuming minor and hotfix updates much easier for all users going forward.
bluesentinelsec
commented
1 month ago Marking this issue as resolved. Please re-open the issue if there are subsequent problems.
Schwartz-Matthew-bah
commented
1 month ago Thank you! This is great!
Description
Currently it is only possible to specify the exact major.minor.patch version of the action when referencing it. This means that any minor or patch updates will be missed unless we also track those.
Expected Behavior
Specifying the major version only should reference a tag that has the latest minor and patch version as well. In the steps-to-reproduce example referencing
@v1should point us to@v1.1.3(or whatever is latest).Actual Behavior
Major version tags are not present and cannot be referenced.
Steps to Reproduce
Working:
Not working:
Other Information
If we look at other Github actions such as
actions/checkoutwe can see they publish a v4 tag that essentially acts as a pointer to v4.1.7 (at the time of creating this issue). https://github.com/actions/checkout/releases/tag/v4