slsa-github-generator

[feature] pin action by release tag

Open laurentsimon opened this issue 3 years ago • 0 comments

A few internal Actions need to be called with their fully-qualified name: slsa-framework/slsa-github-generator/.github/actions/[email protected].

We need to ensure they use the same tag as the release tag for consistency. The pre-release should use:

  • dispatch event so that we can run it manually before creating a release tag
  • during release, as a final verification. Ideally this one should not fail otherwise we will need to further bump the version, otherwise

We also need to update the documentation in RELEASE.md.

laurentsimon, Oct 19 '22 10:10
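
One way to implement the pre-release check requested in the issue above, as an added example (not the project's own code): it scans workflow text for `uses:` references to the repository's internal actions and reports every one whose ref differs from the release tag. The action names `example-a` to `example-d`, the file path and the tag `v9.9.9` are constructed for illustration.

```python
import re
import sys

# Prefix from the issue; action names and refs below are constructed samples.
INTERNAL_PREFIX = "slsa-framework/slsa-github-generator/.github/actions/"

# Matches "uses: target" and "- uses: target"; commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?(?P<target>[^\s"'#]+)""")


def find_mismatched_refs(files, release_tag):
    """Return (path, line_no, action, ref) for internal actions not pinned to release_tag.

    files maps a path to the workflow text; ref is None when no @ref is given.
    """
    bad = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            m = USES_RE.match(line)
            if not m or not m.group("target").startswith(INTERNAL_PREFIX):
                continue
            action, _, ref = m.group("target").partition("@")
            if ref != release_tag:
                bad.append((path, line_no, action[len(INTERNAL_PREFIX):], ref or None))
    return bad


# Constructed workflow snippet (hypothetical path and action names).
SAMPLE = {
    "workflows/builder.yml": """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v3
      - uses: slsa-framework/slsa-github-generator/.github/actions/example-a@v9.9.9
      - name: second
        uses: slsa-framework/slsa-github-generator/.github/actions/example-b@main
      # uses: slsa-framework/slsa-github-generator/.github/actions/example-c@main
      - uses: "slsa-framework/slsa-github-generator/.github/actions/example-d"
""",
}

if __name__ == "__main__":
    tag = sys.argv[1] if len(sys.argv) > 1 else "v9.9.9"  # constructed release tag
    problems = find_mismatched_refs(SAMPLE, tag)
    for path, line_no, action, ref in problems:
        print(f"{path}:{line_no}: {action} pinned to {ref!r}, expected {tag!r}")
    sys.exit(1 if problems else 0)
```

Run against the sample, the script exits non-zero and lists the `@main` reference and the reference with no ref at all, which is the behaviour a dispatch-triggered or release-time job needs to block a mismatched tag.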