Example workflow fixes#150
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the GitHub Actions configuration example in the README.md by removing the issues: write permission and changing the checkout action version from @v4 to @latest. The review feedback correctly identifies that using @latest will cause the workflow to fail since the actions/checkout repository does not maintain a latest tag, and recommends reverting back to @v4 for stability and security.
| steps: | ||
| - name: 'Checkout Code Repository' | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@latest |
There was a problem hiding this comment.
Using actions/checkout@latest will cause the workflow to fail because the actions/checkout repository does not publish or maintain a latest tag. Additionally, pinning to mutable tags is a security and stability risk. It is best practice to pin to a specific major version (such as v4) or a specific commit SHA to ensure reproducible and secure builds.
| uses: actions/checkout@latest | |
| uses: actions/checkout@v4 |
- Remove the unnecessary `issues: write` permission; - Change `actions/checkout` version to `latest`: v4 is outdated, and codeowners-plus doesn't depend on its version-specific features.
1 participant
Summary / Background
Remove the unnecessary
issues: writepermission;Change
actions/checkoutversion tolatest: v4 is outdated, and codeowners-plus doesn't depend on its version-specific features.Permission tested on: kolayne/test#3