
Major tag v12 is not updated

Open gofrolist opened this issue 3 years ago • 6 comments

Major tag v12 is not updated and points to a very old commit https://github.com/bridgecrewio/checkov-action/commits/v12

According to the official GitHub recommendations and here:

Make the new release available to those binding to the major version tag: Move the major version tag (v1, v2, etc.) to point to the ref of the current release. This will act as the stable release for that major version. You should keep this tag updated to the most recent stable minor/patch release.

Because of that I can't use the v12 tag and should point to a specific tag like v12.939.0, but it's updated quite frequently

      - name: Checkov action
        id: checkov
        uses: bridgecrewio/checkov-action@v12

The only way I can see right now is to use the master branch, which is not good for production usage

      - name: Checkov action
        id: checkov
        uses: bridgecrewio/checkov-action@master

gofrolist Oct 12 '21 20:10

You can use other GitHub actions like actions-tagger or update-major-minor-semver for this purpose.

gofrolist Oct 12 '21 20:10

@gofrolist we are always updating the tag with every new release of the checkov cli. https://github.com/bridgecrewio/checkov-action/commits/v12.947.0

schosterbarak Oct 17 '21 20:10

Yes, you are updating the tags, but the major tag 'v12' is quite old and pointing to 'May 22, 2020'

gofrolist Oct 18 '21 05:10

@schosterbarak the problem with that is that every tag bump is very specific. This is helpful to have, but it is also helpful to have a mutable tag at the major level, so in workflows someone can just point at the major version and always pull in the latest for that version family without having to point at a branch which may or may not be considered in a publishable state. For example, https://github.com/actions/checkout/releases actions/checkout also bumps their v2 tag when a newer version of the 2.X.X major version family is released. At the moment v2 points to the commit 1e204e9, which is the same as the tag v2.3.5. When they release a newer version of the 2.X.X version family, e.g. v2.3.6, they will also update the v2 tag to point at the same commit that v2.3.6 is tagged against.

toast-gear Oct 18 '21 11:10
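
The check described in the comment above (a major tag such as v2 resolving to the same commit as the newest release in its family), as an added example that is not part of the thread or of either project's code. It parses `git ls-remote --tags` output; the function names and the sample SHAs are constructed for illustration.

```python
import re

SEMVER = re.compile(r"^v(\d+)\.(\d+)\.(\d+)$")

def parse_ls_remote(text):
    """Map tag name -> commit SHA from `git ls-remote --tags` output."""
    tags = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].startswith("refs/tags/"):
            continue
        sha, name = parts[0], parts[1][len("refs/tags/"):]
        if name.endswith("^{}"):
            tags[name[:-3]] = sha       # peeled entry: commit an annotated tag points to
        else:
            tags.setdefault(name, sha)  # lightweight tag, or tag object until peeled
    return tags

def stale_major_tags(tags):
    """Return {major_tag: (current_sha, newest_release, release_sha)} for lagging majors."""
    newest = {}  # major number -> (version tuple, tag name, sha)
    for name, sha in tags.items():
        m = SEMVER.match(name)
        if m:
            ver = tuple(int(x) for x in m.groups())  # numeric, not string, comparison
            if ver[0] not in newest or ver > newest[ver[0]][0]:
                newest[ver[0]] = (ver, name, sha)
    stale = {}
    for major, (_, name, sha) in newest.items():
        current = tags.get(f"v{major}")  # None when the major tag does not exist
        if current != sha:
            stale[f"v{major}"] = (current, name, sha)
    return stale

# Constructed sample: tag names come from the thread, SHAs are made up.
A, B, C, D, E = ("a" * 40, "b" * 40, "c" * 40, "d" * 40, "e" * 40)
SAMPLE = "\n".join([
    f"{A}\trefs/tags/v12",             # major tag left behind on an old commit
    f"{B}\trefs/tags/v12.939.0",
    f"{C}\trefs/tags/v12.947.0",       # annotated tag object
    f"{D}\trefs/tags/v12.947.0^{{}}",  # commit that tag object points to
    f"{E}\trefs/tags/v2",              # major tag level with its newest release
    f"{E}\trefs/tags/v2.3.5",
])

if __name__ == "__main__":
    for tag, (cur, rel, sha) in stale_major_tags(parse_ls_remote(SAMPLE)).items():
        print(f"{tag} -> {cur}, but {rel} -> {sha}")
```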

Has been resolved, can be closed now.

sbe-arg Aug 19 '22 03:08

https://github.com/bridgecrewio/checkov-action/releases/tag/v12

sbe-arg Aug 19 '22 03:08