Hacker News
GitHub Actions Has a Package Manager, and It Might Be the Worst
19 points by todsacerdoti
by JackSlateur
0 subcomment
- Long story short: yes, you can pin your GitHub action (and you should)
No, you shan't execute random code from the internet (the fact that you always execute the same random code is not important)
GitHub Actions is fine in this regard.
- Unfortunately you'd really need to use pinact run -u regularly and update your action hashes. Is there an action which does this automatically?
Yes:
https://github.com/suzuki-shunsuke/pinact-action