Closed thewilkybarkid closed 1 year ago
@1.1
doesn't seem to work: Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/runner/work/_actions/superfly/flyctl-actions/1.1/setup-flyctl'
I also would love from a security standpoint if there were verified tagged releases that we could depend on, rather than just depending on whatever happens to be latest, and have that potentially break our deployment steps.
Meanwhile, it's possible to pin GitHub actions to a commit SHA like this:
- uses: superfly/flyctl-actions/setup-flyctl@67ddda2a87628f1aff28a54b8a708879ec62c80f # 1.1
Dependabot will update the commit SHA whenever there's a new commit. The comment next to the commit will also be updated if the version number changes.
Actually I see that there is already what we want which is versioning for flyctl
itself: https://github.com/superfly/flyctl-actions#usage-for-deployment.
Would it be possible to get a new version released as asked for above? I wanted to switch to the setup-flyctl usage, but don't want to point to master to avoid brittleness.
Most people will be fine with versioning flyctl itself like this:
- uses: superfly/flyctl-actions/setup-flyctl@master
with:
version: 0.1.0
If we do another release of the action itself, we'll version it.
v4.1
and also the major v1
tag have been added. This should let you use setup-flyctl
. Sorry for the trouble.
@jsierles I just tried, but my build has failed with:
Error: Unable to resolve action `superfly/flyctl-actions@v1.4`, unable to find version `v1.4`
Oh, hang on, the release is named v1.4
, but the tag is actually just 1.4
.
I just added v1.4
as well.
Thanks, it's working now.
Hi, just to share that we use this GH workflow to release a githubaction 😄
It syncs the minor/major/patch
git tags so users can pin:
myaction@v1 -> always the most recent major
myaction@v1.5 -> always the most fixed minor
myaction@v1.5.1 -> stick to this version
When you want to release you need to:
I'm following the current README instructions to use
superfly/flyctl-actions/setup-flyctl@master
, which works great. However, I'd rather pin a version of the action (and let Dependabot update it).https://github.com/marketplace/actions/github-action-for-flyctl currently shows![image](https://user-images.githubusercontent.com/1784740/168035758-bb372295-096f-49ce-b91d-97915505cb53.png)
1.1
as the latest version:But the latest tag is
1.3
.I've not published an Action, so I'm not sure what the details are, but could they be aligned and the README changed? (Using
v1
there like setup-node is fine, but I'd like to be able to pin it tov1.3.0
.)