Skip to content

Commit

Permalink
Clarify how to specify version comment
Browse files Browse the repository at this point in the history
  • Loading branch information
@chrislomaxjones
chrislomaxjones committed Mar 14, 2024
1 parent 972e9ad commit b7d0fd4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion github-actions.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ Since commit SHAs are immutable, the code of the underlying workflow cannot be c

It’s important to check the source code of the action for the given commit, so you’re reasonably satisfied the action is behaving as expected (and not exfiltrating secrets, for example).

As well as specifying the commit, it’s worth combining this with a comment specifying a more readable semver version. Dependabot also knows how to handle updates for workflows versioned with SHAs, with a comment that is kept updated with the version tag that the commit points to: see [nodejs/node/pull/51334](https://github.com/nodejs/node/pull/51334) for an example.
As well as specifying the commit, it’s worth combining this with a comment specifying a more readable semver version, in the format `# v0.0.1`. Dependabot also knows how to handle updates for workflows versioned with SHAs, with a comment that is kept updated with the version tag that the commit points to: see [nodejs/node/pull/51334](https://github.com/nodejs/node/pull/51334) for an example.

### Finding the SHA for a given release

Expand Down

0 comments on commit b7d0fd4

Please sign in to comment.