Hello,
As mentioned in the GitHub documentation, best practice for consuming third-party actions is to use a fixed reference such as a tag or SHA. The current README documentation shows this action being consumed `@master`, which is not ideal from a stability perspective.
I would request one of the following:
(a) Implement release management using tags as described in the GitHub docs linked above. Since it seems like this action is rarely updated, this could be as simple as adding `v1` and `v1.0.0` tags pointing at the latest commit on `master`. Then update the README documentation to show the action being consumed using `cloudsmith-io/action@v1` instead of `cloudsmith-io/action@master`.
(b) Update the README documentation to show consumption via a SHA, e.g. `cloudsmith-io/action@04d1b7d955cd82529987396158a17fae4faa4d54`
Thanks for considering.
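
A way to check workflow files for the kind of reference this issue is about, as an added example that is not part of the original issue or the project's code. The function names, the classification labels and the sample workflow are assumptions made up for illustration; a ref is treated as a version tag purely by its name, which is a heuristic.

```python
import re

# "uses: owner/repo[/path]@ref" on a step or job line; stops before a trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # full commit SHA
VERSION_TAG_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")  # v1, v1.0, v1.0.0 (name heuristic)

def classify_ref(target):
    """Classify a `uses:` target as 'local', 'docker', 'sha', 'version-tag' or 'floating'."""
    if target.startswith("./"):
        return "local"        # action stored in the same repository
    if target.startswith("docker://"):
        return "docker"       # container image reference, out of scope here
    _, _, ref = target.partition("@")
    if FULL_SHA_RE.match(ref):
        return "sha"          # fixed: a commit SHA cannot be repointed
    if VERSION_TAG_RE.match(ref):
        return "version-tag"  # release tag; fixed only while the tag is not moved
    return "floating"         # branch name such as master, or no ref at all

def audit_workflow(text):
    """Return (line number, target, classification) for each `uses:` line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            findings.append((lineno, match.group(1), classify_ref(match.group(1))))
    return findings

# Constructed sample workflow (not taken from the action's README).
SAMPLE = """\
jobs:
  push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Push package
        uses: cloudsmith-io/action@master
      - uses: cloudsmith-io/action@04d1b7d955cd82529987396158a17fae4faa4d54  # pinned
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for lineno, target, kind in audit_workflow(SAMPLE):
        flag = "REVIEW" if kind == "floating" else "ok"
        print(f"line {lineno}: {target} -> {kind} [{flag}]")
```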