GitHub Actions Has a Package Manager, and It Might Be the Worst (nesbitt.io)
19 points by todsacerdoti a day ago
JackSlateur 12 hours ago
Long story short: yes, you can pin your GitHub Action (and you should).
No, you shan't execute random code from the internet (the fact that you always execute the same random code is not important).
GitHub Actions is fine in this regard.
rurban 19 hours ago
Unfortunately you'd really need to use pinact run -u regularly and update your action hashes. Is there an action which does this automatically?
Yes: https://github.com/suzuki-shunsuke/pinact-action
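The two comments above agree on the practical point: a `uses:` reference to a tag or branch (`@v4`, `@main`) is mutable, so the code a workflow runs can change under you, while a full 40-hex commit SHA cannot. The script below is an added example written for this page, not code from the thread, from nesbitt.io or from the pinact project; it scans a workflow file and reports every `uses:` reference that is not pinned to a full commit SHA, which is the check you would run in CI before trusting a workflow, and the condition that pinact run -u resolves for you. The workflow it scans is constructed inline (the SHA in it is a placeholder, not a real commit) so that the script runs stand-alone.

```shell
#!/bin/sh
# Added example (not from the thread or from pinact): list every `uses:` reference in a
# GitHub Actions workflow and flag the ones not pinned to a full 40-hex commit SHA.
# Tags and branches are mutable; a commit SHA is not, which is the whole point of pinning.

# Print "status<TAB>reference" for each `uses:` line in the file given as $1.
# Local actions (./path) and docker:// references are reported but not treated as findings.
check_workflow_pins() {
    awk '
        # match lines like:  - uses: owner/repo@ref   or   uses: "owner/repo@ref" # v4
        /^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*/ {
            sub(/^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*/, "")
            sub(/[[:space:]]+#.*$/, "")       # drop a trailing comment (pinact keeps the tag there)
            gsub(/["'\'']/, "")               # strip surrounding quotes
            ref = $0
            if (ref ~ /^\.\//)        { print "local\t" ref;  next }
            if (ref ~ /^docker:\/\//) { print "docker\t" ref; next }
            n = split(ref, parts, "@")
            if (n != 2)               { print "UNPINNED\t" ref; next }   # no @ref at all
            # length check instead of {40}: some awk builds lack interval expressions
            if (length(parts[2]) == 40 && parts[2] ~ /^[0-9a-f]+$/) print "pinned\t" ref
            else                                                   print "UNPINNED\t" ref
        }
    ' "$1"
}

# Return 1 (after printing the findings to stderr) if any UNPINNED reference exists, else 0.
assert_workflow_pinned() {
    findings=$(check_workflow_pins "$1" | grep '^UNPINNED')
    if [ -n "$findings" ]; then
        printf 'unpinned action references in %s:\n%s\n' "$1" "$findings" >&2
        return 1
    fi
    return 0
}

# Constructed sample workflow (not from any real repository). The 40-hex value is a
# placeholder SHA, not a real commit of actions/setup-node.
SAMPLE_WORKFLOW=$(mktemp)
cat > "$SAMPLE_WORKFLOW" <<'EOF'
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v3.8.2 (placeholder SHA)
      - uses: ./.github/actions/local-step
      - uses: "actions/cache@main"
      - name: run
        run: echo build
EOF

check_workflow_pins "$SAMPLE_WORKFLOW"
if assert_workflow_pinned "$SAMPLE_WORKFLOW" 2>/dev/null; then
    echo "all actions pinned"
else
    echo "unpinned actions found (expected for the sample above)"
fi
```

Wire `assert_workflow_pinned .github/workflows/*.yml` into a pre-commit hook or a CI job and the build fails as soon as someone reintroduces a tag reference; the trailing `# v4`-style comment that pinact writes next to the SHA is ignored by the check, so the human-readable version stays in the file.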