[ Test release in my vim-appimage-tst-upstream fork ]
GitHub's own gh tool comes pre-installed on runner images and obviates the need for some external actions. This reduces dependencies on external repos and (security-wise) avoids passing the GITHUB_TOKEN secret to external code in various states of maintenance.
replace octokit/graphql-action@v2.x with gh api graphql
This action uses the (not just deprecated, but EOL'd since September 2023) Node 16, thus generating warnings; octokit seems to only update Node when GitHub completely pulls the rug (which can be months after a release EOL's). Other warnings are unavoidable due to how query parameters must be passed.
gh is also more flexible so it was possible to simplify logic a bit by writing to $GITHUB_ENV directly from the --jq argument (avoiding re-read / re-parse code).
release using gh release create instead of softprop's action
This doesn't change anything, but also removes an external dependency at no extra complexity cost.
[ Test release in my
vim-appimage-tst-upstream
fork ]GitHub's own
gh
tool comes pre-installed on runner images and obviates the need for some external actions. This reduces dependencies on external repos and (security-wise) avoids passing the GITHUB_TOKEN secret to external code in various states of maintenance.replace
octokit/graphql-action@v2.x
withgh api graphql
This action uses the (not just deprecated, but EOL'd since September 2023) Node 16, thus generating warnings; octokit seems to only update Node when GitHub completely pulls the rug (which can be months after a release EOL's). Other warnings are unavoidable due to how query parameters must be passed.
gh
is also more flexible so it was possible to simplify logic a bit by writing to$GITHUB_ENV
directly from the--jq
argument (avoiding re-read / re-parse code).release using
gh release create
instead ofsoftprop
's actionThis doesn't change anything, but also removes an external dependency at no extra complexity cost.