Hacktoberfest 2020 Report | github-slug-action Maintainer

Posted on Nov 1, 2020

This post have been published first on dev.to.

Some projects ideas can start from a colleague tweet. This idea behind github-slug-action is one of them (tweet in French).

From this SLUG variable need, I start to develop my first GitHub Action. Using docker-based container and some bash script with sed or cut, I create the first version of this action quickly.

master end-of-life

After sometimes, github-slug-action start to be used by multiples projects and some enhancements have been asked.

This lead to a version bump to 2.x due to a breaking change in April 2020. Due to that breaking change, I take the decision to change my branching strategy to adopt a vX.Y branch naming to better manage this type of change.

The master branch have been depreciated (rlespinasse/github-slug-action#15)

A removal of the master branch have been plan 6-months later. This work is complete. Some repositories still used the master branch and a pull-request to migrate have been created of each of them during October before the master branch deletion.

TIP: Use Dependabot to manage versions of used GitHub Actions in your workflows

Docker-based GitHub Action limitation

Currently, a docker-based GitHub Action can only run on Linux-based workflows (rlespinasse/github-slug-action#16).

In order to manage Windows-based and Macos-based workflows, the action need to be rewrite as Javascript-based action. In September 2020, @Ameausoone have took up the challenge to migrate to Typescript.

Thanks you.

GitHub Action CVE

During the Hacktoberfest, the GitHub Action have been impacted by a CVE on one of the GitHub Action core feature that been in used : GHSA-mfwh-5m23-j46w.

Thanks you @boolooper for the reporting.

On maintained branches, all impacted versions have been updated to fix this CVE and an advisory have been created on the project : GHSA-7f32-hm4h-w77q.

Before Hacktoberfest 2020

Thanks to @Ameausoone, @m4rcs, and @php-coder for yours contributions before this year event.