DEV Community

loading...

Discussion on: CI/CD tutorial using GitHub Actions

Collapse
samthomson profile image
Sam Thomson

Hi Mike thanks a lot for the article.
Quick question. In the first example you use actions/checkout@v2 and in the second actions/checkout@master, was that intentional or? I'm guessing by referencing master you are effectively saying use the latest version of this action, so I am just wondering if there's a reason to decide which I should generally use or maybe it doesn't matter.

Collapse
michaelcurrin profile image
Michael Author

Hey Sam.

It comes down to preference. In general in software you should lock your versions especially for software maintained by other people. I am going to edit to use v2 above consistently. You can use @v2.3.4 if you need more control.

If you use @master you will get any commits on master, regardless of what is tagged and this introduces risk because that commit might be failing build (tests fail or bad syntax).

And if the author makes a significant changes from v2.0.0 to v3.0.0 that is not backwards compatible, your next workflow run could break. Like if you pass an argument as foo-bar but in the new version it is foo_bar then you'll silently pass a useless parameter.

So lock the version. And bump the version if you want a feature or fix or maybe a vulnerability fix.
When new version comes out, wait for it to be around a while (bugs get fixed and the version gets widely used) then you can adopt it as well.