Following #127, I think it would be helpful to document which SHA of actions/upload-artifact this action calls. This is relevant for anyone who only allows select actions to be run in their repository. In my case, I had actions/upload-pages-artifact@v4 in my list of allowed actions, and suddenly got an error:
The action actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 is not allowed
It wasn't immediately clear to me where that SHA was coming from, considering my workflow doesn't explicitly call actions/upload-artifact. It would be nice to have a note that says something like "make sure to add this SHA to your list of allowed actions, if applicable" to reduce confusion.
Thank you for continuing to maintain this action!
Following #127, I think it would be helpful to document which SHA of
actions/upload-artifactthis action calls. This is relevant for anyone who only allows select actions to be run in their repository. In my case, I hadactions/upload-pages-artifact@v4in my list of allowed actions, and suddenly got an error:It wasn't immediately clear to me where that SHA was coming from, considering my workflow doesn't explicitly call
actions/upload-artifact. It would be nice to have a note that says something like "make sure to add this SHA to your list of allowed actions, if applicable" to reduce confusion.Thank you for continuing to maintain this action!