This post have been published first on dev.to.
Some projects ideas can start from a colleague tweet.
This idea behind
github-slug-action is one of them (tweet in French).
SLUG variable need, I start to develop my first GitHub Action. Using docker-based container and some bash script with
cut, I create the first version of this action quickly.
github-slug-action start to be used by multiples projects and some enhancements have been asked.
This lead to a version bump to
2.x due to a breaking change in April 2020.
Due to that breaking change, I take the decision to change my branching strategy to adopt a
vX.Y branch naming to better manage this type of change.
master branch have been depreciated (rlespinasse/github-slug-action#15)
A removal of the
master branch have been plan 6-months later.
This work is complete.
Some repositories still used the
master branch and a pull-request to migrate have been created of each of them during October before the
master branch deletion.
Dependabot to manage versions of used GitHub Actions in your workflows
Docker-based GitHub Action limitation
Currently, a docker-based GitHub Action can only run on Linux-based workflows (rlespinasse/github-slug-action#16).
GitHub Action CVE
Thanks you @boolooper for the reporting.
On maintained branches, all impacted versions have been updated to fix this CVE and an advisory have been created on the project : GHSA-7f32-hm4h-w77q.