Pin actions to a full length commit SHA

Question

Pin actions to a full length commit SHA

Closed this issue 2 years ago · 0 comments

In its documentation, https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions, GitHub recommends to pin GitHub actions to a full length commit SHA.

One nice side effect is that there will be more activity to the repository. So this helps preventing scheduled GitHub Actions from becoming disabled when there is no activity for X consecutive days.