Hacktoberfest 2020: Insights from a github-slug-action Maintainer
This post have been published first on dev.to .
Some projects ideas can start from a colleague tweet
.
This idea behind github-slug-action is one of them (tweet in French).
From this SLUG variable need, I start to develop my first GitHub Action. Using docker-based container and some bash script with sed or cut, I create the first version of this action quickly.
master end-of-life
After sometimes, github-slug-action start to be used by multiples projects and some enhancements have been asked.
This lead to a version bump to 2.x due to a breaking change in April 2020.
Due to that breaking change, I take the decision to change my branching strategy to adopt a vX.Y branch naming to better manage this type of change.
The master branch have been depreciated (rlespinasse/github-slug-action#15
)
A removal of the master branch have been plan 6-months later.
This work is complete.
Some repositories still used the master branch and a pull-request to migrate have been created of each of them during October before the master branch deletion.
TIP: Use Dependabot
to manage versions of used GitHub Actions in your workflows
Docker-based GitHub Action limitation
Currently, a docker-based GitHub Action can only run on Linux-based workflows (rlespinasse/github-slug-action#16 ).
In order to manage Windows-based and Macos-based workflows, the action need to be rewrite as Javascript-based action. In September 2020, @Ameausoone have took up the challenge to migrate to Typescript.
Thanks you.
GitHub Action CVE
During the Hacktoberfest, the GitHub Action have been impacted by a CVE on one of the GitHub Action core feature that been in used : GHSA-mfwh-5m23-j46w .
Thanks you @boolooper for the reporting.
On maintained branches, all impacted versions have been updated to fix this CVE and an advisory have been created on the project : GHSA-7f32-hm4h-w77q .
Before Hacktoberfest 2020
Thanks to @Ameausoone , @m4rcs , and @php-coder for yours contributions before this year event.