The majority of the official actions/ actions all publish immutable actions (see actions/checkout for example); it'd be great if this one could also be, so we don't have to pin to the full-length commit SHA if we want immutability.
This could be tackled by:
- Adding an immutable action publish workflow
- Adding the action to CodeQL's immutable actions list so it doesn't get flagged by the CWE-829 rule
Happy to make the PR(s) for this.
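The triage the request above turns on, as an added example that is not part of the original issue and not CodeQL's query: a `uses:` reference is accepted when it is pinned to a full-length commit SHA or when its action is on an allowlist of immutable publishers, and flagged otherwise. The allowlist contents, the `example-org` names and the sample SHA are assumptions made for illustration.

```python
import re

# Assumption: a hypothetical allowlist of actions that publish immutable
# releases. Only actions/checkout is named on this page; this is NOT CodeQL's list.
IMMUTABLE_PUBLISHERS = {"actions/checkout"}

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify(ref: str) -> str:
    """Classify one `uses:` value by how strongly it is pinned."""
    if ref.startswith("./") or ref.startswith("docker://"):
        return "skipped"          # local action or container image, out of scope
    target, sep, version = ref.partition("@")
    if not sep:
        return "unpinned"         # no ref at all
    if FULL_SHA_RE.fullmatch(version):
        return "sha-pinned"       # full-length commit SHA
    repo = "/".join(target.split("/")[:2]).lower()   # drop any sub-path
    if repo in IMMUTABLE_PUBLISHERS:
        return "allowlisted-tag"  # tag ref, but the publisher is on the allowlist
    return "mutable-tag"          # tag or branch that can be repointed


def audit(workflow_text: str):
    """Return (line number, reference, verdict) for every `uses:` line."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            findings.append((lineno, m.group(1), classify(m.group(1))))
    return findings


# Constructed sample workflow (owner names and the SHA are made up).
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@v1
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for lineno, ref, verdict in audit(SAMPLE):
        print(f"line {lineno}: {ref} -> {verdict}")
```

An abbreviated SHA is classified as `mutable-tag`, since only the full 40-character form is treated as a pin.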