|
|
|
|
|
|
by CaliforniaKarl
458 days ago
|
|
|
In your GitHub Actions YAML, instead of referencing a specific tag, you can reference a specific commit. So, instead of … uses: actions/checkout@v4
… you can use … uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
|
|
|
So you need to check the action.yml itself to see if it has a sha256 pinned (in the case it uses Docker).