We have multiple actions defined in this repository, but do not publish tagged releases. This means any consumer of these actions must reference them either by a full commit hash (which tools like Renovate will propose updating every time a new commit lands on the repository, or which may simply never be updated at all because there is no tag to track) or by pointing at `main`, which is rightfully considered poor practice because a mutable branch ref can change underneath the consumer.
We should:
- introduce release tags for this repository
- ensure we enable immutable releases, so that a published release's tag cannot be moved and its assets cannot be replaced after the fact, reducing the impact should this repository be targeted as part of a supply chain attack
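For illustration, here is an added example (not from this repository) of how a consumer workflow would reference one of these actions under each option. The repository name `example-org/our-actions`, the action path `setup-thing`, the tag `v1.2.3` and the commit hash are all hypothetical placeholders.

```yaml
# Added example, not from this repository. Names, tag and hash are placeholders.
name: ci
on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Weak: mutable branch ref. Whatever is on main at run time executes,
      # so a single malicious commit is picked up by every consumer immediately.
      - uses: example-org/our-actions/setup-thing@main

      # Current workaround: pin to a full commit hash. Immutable, but with no
      # tags Renovate either proposes a bump on every commit to main or has
      # nothing to track and never updates it.
      - uses: example-org/our-actions/setup-thing@0123456789abcdef0123456789abcdef01234567

      # After release tags exist: pin to the hash, annotate with the tag.
      # Renovate recognises the trailing "# vX.Y.Z" comment and only proposes
      # an update when a newer release tag is published.
      - uses: example-org/our-actions/setup-thing@0123456789abcdef0123456789abcdef01234567 # v1.2.3
```

The hash-plus-tag-comment form is the one to aim for: the hash is what actually runs, so a moved or re-pointed tag cannot change the code a consumer executes, and the comment gives dependency tooling a release series to follow. Enabling immutable releases on the publishing side complements this by preventing the tag and its assets from being altered after publication.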