actions/pypi-publish
1
0
Fork 0
mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-09-17 18:17:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add a README recommendation to pin action versions

Browse source
This commit is contained in:
Sviatoslav Sydorenko 2019-09-24 23:03:49 +02:00
parent 9cebe9a0ed
commit 74be6d36c6
No known key found for this signature in database
GPG key ID: 9345E8FEA89CA455
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -18,6 +18,11 @@ To use the action add the following step to your workflow file (e.g.
password: ${{ secrets.pypi_password }}
```
> **Pro tip**: instead of using branch pointers, like `master`, pin versions of
Actions that you use to tagged versions or sha1 commit identifiers. This will
make your workflows more secure and better reproducible, saving you from sudden
and unpleasant surprises.
A common use case is to upload packages only on a tagged commit, to do so add a
filter to the step: