julia-actions/setup-julia
1
0
Fork 0
mirror of https://github.com/julia-actions/setup-julia.git synced 2026-02-12 02:56:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add security guide to README

Browse Source
This commit is contained in:
Sascha Mann
2020-10-20 16:07:10 +02:00
committed by GitHub
parent 82b1b42f54
commit c5d801f77b
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -143,13 +143,17 @@ You can specify commits, branches or tags in your workflows as follows:
```yaml ```yaml
steps: steps:
- uses: julia-actions/setup-julia@6ae948d # commit SHA - uses: julia-actions/setup-julia@d26d1111976eae5f00db04f0515ab744ec9cd79e # commit SHA of the tagged 1.3.1 commit
- uses: julia-actions/setup-julia@master # branch - uses: julia-actions/setup-julia@master # branch
- uses: julia-actions/setup-julia@latest # latest version tag (may break existing workflows) - uses: julia-actions/setup-julia@latest # latest version tag (may break existing workflows)
- uses: julia-actions/setup-julia@v1 # major version tag - uses: julia-actions/setup-julia@v1 # major version tag
- uses: julia-actions/setup-julia@v0.1.0 # specific version tag - uses: julia-actions/setup-julia@v0.1.0 # specific version tag
``` ```
If your workflow requires access to secrets, you should always pin it to a commit SHA instead of a tag.
This will protect you in case a bad actor gains access to the setup-julia repo.
You can find more information in [GitHub's security hardening guide](https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions).
## Debug logs ## Debug logs
You can enable [Step Debug Logs](https://github.com/actions/toolkit/blob/main/docs/action-debugging.md#step-debug-logs) for more detailed logs. You can enable [Step Debug Logs](https://github.com/actions/toolkit/blob/main/docs/action-debugging.md#step-debug-logs) for more detailed logs.