MINOR: Upgrade to GitHub actions/cache 4.2.2 #650
-0.5
It is best practice to pin actions to SHA in workflows that run in an elevated context (i.e. not pull_request) and use secrets or have elevated permissions (anything not contents:read). So at least for those I would stick with pinned actions.
I also don't see the downside of pinning things, as I have seen actions/* break on minor updates in the past. Except maybe the work to merge dependabot PRs.
Also to be pedantic this touches more than 2 files which means it's not a minor PR ;
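The pinning policy from the comment above, as an added example that is not part of this thread or the project's own workflows: a line-based heuristic that flags `uses:` references lacking a full commit SHA in workflows that count as elevated by those criteria. The function names, both sample workflows and the placeholder SHA are constructed, and treating only `write` scopes as elevated permissions is a simplifying assumption.

```python
import re

# Heuristic, line-based checks; a full audit would parse the YAML properly.
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")
WRITE_SCOPE = re.compile(r"^\s*[a-z-]+:\s*write\b|^\s*permissions:\s*write-all\b", re.M)

def triggers(text):
    """Event names under the top-level `on:` key (inline or block form)."""
    events, in_on, child_indent = set(), False, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:
            in_on, child_indent = line.startswith("on:"), None
            if in_on:
                events.update(re.findall(r"[a-z_]+", line[3:].split("#")[0]))
        elif in_on:
            child_indent = child_indent or indent
            if indent == child_indent:
                events.add(line.strip().lstrip("- ").split(":")[0])
    return events

def is_elevated(text):
    """Not pull_request-only, or references secrets, or grants a write scope."""
    return (bool(triggers(text) - {"pull_request"}) or "secrets." in text
            or bool(WRITE_SCOPE.search(text)))

def unpinned_actions(text):
    """Remote `uses:` refs in an elevated workflow without a 40-hex commit SHA
    (local ./ and docker:// references are skipped)."""
    if not is_elevated(text):
        return []
    refs = [m.group(1).strip("'\"") for l in text.splitlines() if (m := USES.match(l))]
    return [r for r in refs if not r.startswith(("./", "docker://")) and not FULL_SHA.search(r)]

# Constructed sample workflows; the SHA is a placeholder, not a real commit.
SAMPLE = """\
on:
  push:
permissions:
  contents: write
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@0123456789abcdef0123456789abcdef01234567 # v4.2.2
"""
PR_ONLY = "on: pull_request\njobs:\n  t:\n    steps:\n      - uses: actions/checkout@v4\n"
```

Calling `unpinned_actions()` on the text of each file under `.github/workflows/` gives a list that can fail a CI check when it is non-empty.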
@assignUser ok. Fair enough. Let me update this PR to fix the cache version which is deprecated (and blocking all PRs right now).
Ah I see the deprecation for anything <4.2. I forgot about that, IIRC they wanted to do that last year but pushed it out after some backlash. Somehow the dependabot PR must have been closed which makes it ignore that version. Though I can't find one in the PRs... hm, maybe broken through the transition or something.
FWIW, Dependabot appears to understand the pinning convention, so at least it shouldn't be extra work to maintain it (e.g. #635)
Yeah, otherwise it would be a real drain...
d80e435 to b19d5b0
@assignUser @lidavidm I updated this PR to upgrade to GitHub actions/cache 4.2.2 (using the SHA1).
Upgrade to GitHub actions/cache 4.2.2 as previous versions are deprecated.