Create "v1" tag for automatically following this action's updates without modifying workflows

[rhysd]

I'd like to suggest to create a v1 tag for making users automatically follow v1.x.y updates without modifying their workflows like other actions in actions organization doing (e.g. actions/checkout@v4).

I know that Dependabot can automatically maintain the versions of actions used in workflow. But they require PR reviews and some people (including me) would not want to spare time for them.

[GuySartorelli]

I came here with the intention to create this exact issue.

[MasterOdin]

The actions/setup-node repo uses https://github.com/actions/publish-action which looks like it makes it pretty simple to set this up: https://github.com/actions/setup-node/blob/26961cf329f22f6837d5f54c3efd76b480300ace/.github/workflows/release-new-action-version.yml

[ptrumpis]

I came here with the intention to create this exact issue.

Same.
I just got an error trying to add actions/add-to-project@v1 to my workflow so I came here to ask nicely if we could get a v1 tag.

[boneskull]

FWIW, this is contrary to GitHub's own recommendations. Even if you decide you trust the actions team, pinning to a SHA would keep you safe from attacks like this.