From 7d66b76679c17e9b8896d36f8a7903d87b422b49 Mon Sep 17 00:00:00 2001 From: Kurt von Laven Date: Sun, 24 Apr 2022 07:26:52 -0700 Subject: [PATCH 1/5] Note major versions are not automatically tagged The previous wording can be misinterpreted to suggest that GitHub Actions itself automatically tags major versions. Also, remove assurance that pinning the major version protects your workflow from breaking. This is only true if the action you depends on never introduces any bugs that affect you. In other words, it's false in practice. --- .../using-workflows/workflow-syntax-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/content/actions/using-workflows/workflow-syntax-for-github-actions.md index 3e72dd073977..9de708f8c83f 100644 --- a/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -413,7 +413,7 @@ Selects an action to run as part of a step in your job. An action is a reusable We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or Docker tag number. If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner publishes an update. - Using the commit SHA of a released action version is the safest for stability and security. -- Using the specific major action version allows you to receive critical fixes and security patches while still maintaining compatibility. It also assures that your workflow should still work. +- If the action publishes major version tags, using them allows you to receive critical fixes and security patches while still maintaining compatibility. - Using the default branch of an action may be convenient, but if someone releases a new major version with a breaking change, your workflow could break. Some actions require inputs that you must set using the [`with`](#jobsjob_idstepswith) keyword. Review the action's README file to determine the inputs required. From 7194d4a6160004fb31811e830cb9726bc4f4e1ec Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Thu, 21 Jul 2022 15:41:10 +1000 Subject: [PATCH 2/5] Apply suggestions from code review Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- .../using-workflows/workflow-syntax-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/content/actions/using-workflows/workflow-syntax-for-github-actions.md index 9de708f8c83f..040aa032efac 100644 --- a/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -411,7 +411,7 @@ A name for your step to display on {% data variables.product.prodname_dotcom %}. Selects an action to run as part of a step in your job. An action is a reusable unit of code. You can use an action defined in the same repository as the workflow, a public repository, or in a [published Docker container image](https://hub.docker.com/). -We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or Docker tag number. If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner publishes an update. +We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or Docker tag. If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner publishes an update. - Using the commit SHA of a released action version is the safest for stability and security. - If the action publishes major version tags, using them allows you to receive critical fixes and security patches while still maintaining compatibility. - Using the default branch of an action may be convenient, but if someone releases a new major version with a breaking change, your workflow could break. From a61d92758f094741b85370dfd65c0d0251663566 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Thu, 21 Jul 2022 15:43:03 +1000 Subject: [PATCH 3/5] Apply suggestions from code review Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- .../using-workflows/workflow-syntax-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/content/actions/using-workflows/workflow-syntax-for-github-actions.md index 040aa032efac..1cac6ac1d172 100644 --- a/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -413,7 +413,7 @@ Selects an action to run as part of a step in your job. An action is a reusable We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or Docker tag. If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner publishes an update. - Using the commit SHA of a released action version is the safest for stability and security. -- If the action publishes major version tags, using them allows you to receive critical fixes and security patches while still maintaining compatibility. +- If the action publishes major version tags, using them should allow you to receive critical fixes and security patches while still retaining compatibility (within the abilities of the publisher). - Using the default branch of an action may be convenient, but if someone releases a new major version with a breaking change, your workflow could break. Some actions require inputs that you must set using the [`with`](#jobsjob_idstepswith) keyword. Review the action's README file to determine the inputs required. From 5966392e9c7275368bf3d8fb8ecf44510ff5f3fa Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Thu, 21 Jul 2022 15:46:35 +1000 Subject: [PATCH 4/5] Update content/actions/using-workflows/workflow-syntax-for-github-actions.md --- .../using-workflows/workflow-syntax-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/content/actions/using-workflows/workflow-syntax-for-github-actions.md index 1cac6ac1d172..051f2246985b 100644 --- a/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -413,7 +413,7 @@ Selects an action to run as part of a step in your job. An action is a reusable We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or Docker tag. If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner publishes an update. - Using the commit SHA of a released action version is the safest for stability and security. -- If the action publishes major version tags, using them should allow you to receive critical fixes and security patches while still retaining compatibility (within the abilities of the publisher). +- If the action publishes major version tags, you should expect to receive critical fixes and security patches while still retaining compatibility. Note that this behavior is at the publisher's discretion. - Using the default branch of an action may be convenient, but if someone releases a new major version with a breaking change, your workflow could break. Some actions require inputs that you must set using the [`with`](#jobsjob_idstepswith) keyword. Review the action's README file to determine the inputs required. From 366355e2686f10fb5bcf50fa492230b839e03bd5 Mon Sep 17 00:00:00 2001 From: Martin Lopes Date: Tue, 23 Aug 2022 14:42:37 +1000 Subject: [PATCH 5/5] Apply suggestions from code review --- .../using-workflows/workflow-syntax-for-github-actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/using-workflows/workflow-syntax-for-github-actions.md b/content/actions/using-workflows/workflow-syntax-for-github-actions.md index dc0dde52cdc1..75f9283d7763 100644 --- a/content/actions/using-workflows/workflow-syntax-for-github-actions.md +++ b/content/actions/using-workflows/workflow-syntax-for-github-actions.md @@ -367,7 +367,7 @@ Selects an action to run as part of a step in your job. An action is a reusable We strongly recommend that you include the version of the action you are using by specifying a Git ref, SHA, or Docker tag. If you don't specify a version, it could break your workflows or cause unexpected behavior when the action owner publishes an update. - Using the commit SHA of a released action version is the safest for stability and security. -- If the action publishes major version tags, you should expect to receive critical fixes and security patches while still retaining compatibility. Note that this behavior is at the publisher's discretion. +- If the action publishes major version tags, you should expect to receive critical fixes and security patches while still retaining compatibility. Note that this behavior is at the discretion of the action's author. - Using the default branch of an action may be convenient, but if someone releases a new major version with a breaking change, your workflow could break. Some actions require inputs that you must set using the [`with`](#jobsjob_idstepswith) keyword. Review the action's README file to determine the inputs required.