🎨📝 Link SHA pinning encouragement @ README
This article [[1]] describes security flaws of using branches and
tags as an end user. The commit is intended to educate them but not
force doing so if they don't want to.

[1]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
webknjaz committed Jul 13, 2023
1 parent f8c70e7 commit 2a939dd
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion README.md
@@ -18,7 +18,7 @@ comments in the corresponding [per-release announcement discussions].

The `master` branch version has been sunset. Please, change the GitHub
Action version you use from `master` to `release/v1` or use an exact
tag, or a full Git commit SHA.
tag, or opt-in to [use a full Git commit SHA] and Dependabot.


## Usage
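Review bot: the new wording "opt-in to [use a full Git commit SHA] and Dependabot" tells the reader that pinning is possible but not what a pinned reference looks like or why Dependabot is mentioned; consider adding a one-line example such as `uses: pypa/gh-action-pypi-publish@<full-commit-sha> # release/v1` so the reader sees that the SHA is the immutable reference and the trailing comment is what Dependabot reads to propose updates. Also, as a verb it should be "opt in", not "opt-in".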
@@ -250,6 +250,9 @@ https://results.pre-commit.ci/latest/github/pypa/gh-action-pypi-publish/unstable
[pre-commit.ci status badge]:
https://results.pre-commit.ci/badge/github/pypa/gh-action-pypi-publish/unstable/v1.svg

[use a full Git commit SHA]:
https://julienrenaux.fr/2019/12/20/github-actions-security-risk/

[per-release announcement discussions]:
https://github.com/pypa/gh-action-pypi-publish/discussions/categories/announcements

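Review bot: the `[use a full Git commit SHA]` reference resolves to a third-party blog post from 2019, so the README's only explanation of the pinning recommendation depends on an external page staying online; consider adding GitHub's own documentation on pinning actions to a full-length commit SHA as the link target or alongside it, so the guidance remains reachable if the blog post moves.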

0 comments on commit 2a939dd
