Hi Mike thanks a lot for the article.
Quick question. In the first example you use actions/checkout@v2 and in the second actions/checkout@master, was that intentional or? I'm guessing by referencing master you are effectively saying use the latest version of this action, so I am just wondering if there's a reason to decide which I should generally use or maybe it doesn't matter.
I'm a self-taught dev focused on websites and Python development.
My friends call me the "Data Genie".
When I get bored, I find tech to read about, write about and build things with.
It comes down to preference. In general in software you should lock your versions especially for software maintained by other people. I am going to edit to use v2 above consistently. You can use @v2.3.4 if you need more control.
If you use @master you will get any commits on master, regardless of what is tagged and this introduces risk because that commit might be failing build (tests fail or bad syntax).
And if the author makes a significant changes from v2.0.0 to v3.0.0 that is not backwards compatible, your next workflow run could break. Like if you pass an argument as foo-bar but in the new version it is foo_bar then you'll silently pass a useless parameter.
So lock the version. And bump the version if you want a feature or fix or maybe a vulnerability fix.
When new version comes out, wait for it to be around a while (bugs get fixed and the version gets widely used) then you can adopt it as well.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi Mike thanks a lot for the article.
Quick question. In the first example you use
actions/checkout@v2and in the secondactions/checkout@master, was that intentional or? I'm guessing by referencing master you are effectively sayinguse the latest version of this action, so I am just wondering if there's a reason to decide which I should generally use or maybe it doesn't matter.Hey Sam.
It comes down to preference. In general in software you should lock your versions especially for software maintained by other people. I am going to edit to use v2 above consistently. You can use
@v2.3.4if you need more control.If you use
@masteryou will get any commits on master, regardless of what is tagged and this introduces risk because that commit might be failing build (tests fail or bad syntax).And if the author makes a significant changes from
v2.0.0tov3.0.0that is not backwards compatible, your next workflow run could break. Like if you pass an argument asfoo-barbut in the new version it isfoo_barthen you'll silently pass a useless parameter.So lock the version. And bump the version if you want a feature or fix or maybe a vulnerability fix.
When new version comes out, wait for it to be around a while (bugs get fixed and the version gets widely used) then you can adopt it as well.