Workaround broken dependencies

Background

For a few weeks, a number of GitHub owned actions were triggering warnings. There were Pull Requests or in some cases merged PRs that just hadn't been released.

This action, like those actions doesn't release daily, which means there was a risk that this action might be forced to release tied to either an alternate (possibly unmaintained) action, or point to an action that triggers warnings until a future release updates the action reference

Implementation

The action.yml will reference both the canonical action and an alternate action. secpoll.sh gains the ability to check a given action and report if a dns entry indicates that the canonical action is in good shape.

As with the main secpoll functionality, this relies on dns entries which can be updated dynamically after the release.

History

Each of:

• github/codeql-action@v2
• actions-download@v3
• actions-upload-artifact@v3

triggered warnings between the release of v0.0.20 and v0.0.21

Deployment

As of v0.0.21, there are no workarounds in active deployment. A future release may rely on this feature...

---

FAQ | Showcase | Event descriptions | Configuration information | Known Issues | Possible features | Deprecations | Release notes | Helpful scripts