Actually this ain't helping at all. An action in the end is just a wrapper for a docker image. So even if you reference the action by it's SHA, the author could just update the docker image which again is referenced by it's tag.
-
-
-
Actions are all about trust. Same as with public docker image. In general. If you don't trust the author you can always clone/copy the image and the action.
Kraj razgovora
Novi razgovor -
-
-
not bothered to check; but have they fixed it so using actions in private repos restricted to org allow the core github actions that you need to do silly things like check the code into the workspace yet
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.