Is your feature request related to a problem? Please describe.
Code scanning on GitHub has recently been flagging when github actions are not pinned to commit hashes. This recently has been suggested as a best security practice, but it comes at the cost of a more difficult updating process to the latest version (increased maintenance cost).
Describe the solution you would like.
Consider whether we would rather pin to version of commit hashes or not on ghactions4r. We could also consider this for our other projects that use GitHub actions.
Describe alternatives you have considered
Leave as is, pin to versions. Could consider a combination of approaches, and also consider if immutable releases are used.
Additional context
No response
Is your feature request related to a problem? Please describe.
Code scanning on GitHub has recently been flagging when github actions are not pinned to commit hashes. This recently has been suggested as a best security practice, but it comes at the cost of a more difficult updating process to the latest version (increased maintenance cost).
Describe the solution you would like.
Consider whether we would rather pin to version of commit hashes or not on ghactions4r. We could also consider this for our other projects that use GitHub actions.
Describe alternatives you have considered
Leave as is, pin to versions. Could consider a combination of approaches, and also consider if immutable releases are used.
Additional context
No response