What really puzzles me is that on any GitHub action web page (in the Marketplace), when you click “Use latest version”, the YAMLsnippet is presenting you something like:
where a specific tag is being used.
Instead, in my experience, it is best to:
- action’s author should publish branches that contains major version of the action (e.g. branch
- action’s consumer should consume those branches, e.g.
This allows author to push bugs/security fixes to the branch
v1 (and tag it for the release note purpose only) so that any workflow referring to the action on branch v1 (e.g.
uses: action/action@v1) would automatically benefit of the fix, without requiring any update. It is the concept of servicing a major version of the action.
Is this rule documented somewhere? I see that samples correctly adhere to this best practice, but the Marketplace is really misleading to this respect.
Action consumers should be strongly suggested to specify a branch name in place of a specific tag instead.