mirror of https://github.com/pypa/gh-action-pypi-publish.git
synced 2024-11-25 01:51:14 -05:00
Add a README recommendation to pin action versions
parent 9cebe9a0ed
commit 74be6d36c6
1 changed files with 5 additions and 0 deletions
|
@ -18,6 +18,11 @@ To use the action add the following step to your workflow file (e.g.
|
|||
password: ${{ secrets.pypi_password }}
|
||||
```
|
||||
|
||||
> **Pro tip**: instead of using branch pointers, like `master`, pin versions of
|
||||
Actions that you use to tagged versions or sha1 commit identifiers. This will
|
||||
make your workflows more secure and better reproducible, saving you from sudden
|
||||
and unpleasant surprises.
|
||||
|
||||
A common use case is to upload packages only on a tagged commit, to do so add a
|
||||
filter to the step:
|
||||
|
||||
|
|
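Review bot: The added tip (the `> **Pro tip**` paragraph) presents "tagged versions" and "sha1 commit identifiers" as equivalent pins, but they give different guarantees: a tag can be re-pointed to another commit by anyone with write access to the action's repository, while a full commit SHA cannot. Suggest stating that a full-length commit SHA is the immutable choice and a tag is the more convenient but still movable one, so readers can pick based on how much they trust the upstream. Minor wording point in the same paragraph: "better reproducible" reads awkwardly; "more reproducible" is the usual phrasing.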