-
Notifications
You must be signed in to change notification settings - Fork 131
Proper version tagging #23
Comments
I mean, we need to set up automation for this. But yes, it's possible. OTOH, relying on tags/branches is a security disaster for users FTR. Are you up for contributing this? |
It should not be so hard. I'm using https://github.com/haya14busa/action-update-semver for it: name: update-semver
on:
release:
types: [published]
tags:
- 'v*.*.*'
jobs:
update-semver:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: Semver
uses: haya14busa/action-update-semver@v1
with:
major_version_tag_only: true
github_token: ${{ secrets.github_token }} The example above ^^^ should be working... |
Somebody else suggested https://github.com/technote-space/release-github-actions (in another action pypa/gh-action-pypi-publish#22 (comment)). How does |
No idea... Using Feel free to use whatever tool you want... |
I use dependabot to maintain the versions of the actions I use in my workflows. Doing so facilitates debugging as I can recreate the environment. Using @master compromises that ability. |
@webknjaz Please help me understand this (feel free to point me at a good article/manual/book to read if that's quicker):
Are you talking about the possibility of someone getting access to a repo, and adding something unexpected or nefarious in a given branch, or rewriting a given tag? I suppose you could pin with a commit hash instead to mitigate that. Is there something else that makes branches/tags a "security disaster"? |
Thank you |
From now one we will try to follow the versions from ansible-lint |
Hello.
Would it be possible to do a proper tagging for this project please?
Maybe good starting point is here: https://github.com/actions/checkout
They are using versions like:
v2
->v2.0.0
v4
->v4.1.0
It would be really handy to use something like
v4
instead of specifying the exact version onlyv4.1.0
:Thank you...
The text was updated successfully, but these errors were encountered: