Create v1 tag for rolling releases #27
Comments
|
Looks like someone built an Action for this: Release GitHub Actions |
|
@pastelmind thanks for your kind words!
This is actually a duplicate of #22 :) And that issue suggests an automation for dealing with this boring routine.
This is a good idea from the UX perspective. But from the security perspective, it's terrible (not on our side but on the side of end-users): you basically set up a moving target in your repo, forget about it and hope that it won't start pointing to some malicious code at some point in the future. There's even no tooling to protect yourself from such a treat — somebody may temporarily inject something bad into your workflows and then revert it while you won't even notice! That said, I haven't decided if it's worth implementing. It is way safer to recommend users pin versions to commit sha. I think I'll integrate that autorelease action but will put a big red warning about using sha instead of ephemeral Git pointers... |
First, thanks for maintaining this neat GitHub Action, and congrats for the v1.1.0 release.
Now that we no longer have the alpha suffix in the version, could you please create a
v1tag which is kept updated to the latest stable version? It would greatly benefit users looking to "subscribe" to bug fixes. Also, all of GitHub's official Actions also provide av1tag, and it would make the overall user experience consistent when writing Workflows.I understand that updating the
v1tag every time adds extra burden on the maintainers. Hopefully, it might be automate this as part of the release process for this Action.The text was updated successfully, but these errors were encountered: