Our firm currently prefers using the major version tag convention (e.g. @v4) instead of commit hashes.
There is a rationale: we use a non-public GitHub Enterprise Server and therefore are not concerned about being exposed to external attackers, and we decided we would rather sacrifice reproducibility (for this, many things not) in order not to make changes in every repo in order to apply non-breaking changes.
I'd like an option to use tag versions for all repos, or perhaps "trusted orgs", and use only tags matching `v\d+` (unless there are no such tags I guess). Perhaps:

```toml
[tool.gha-update]
tag-only = ["actions/*", "my-org/*"]
prefer-major-tags = true
```

or maybe

```toml
tool.gha-update.tag-preference = "major"
```

for future extension.
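A sketch of the selection logic requested above, added here as an example: it is not gha-update's code, and `tag-only` and `prefer-major-tags` are the keys proposed in this issue, not existing options. Falling back to the newest tag's commit hash when no `v\d+` tag exists is an assumption, and the tags and SHAs are constructed.

```python
import fnmatch
import re

MAJOR_TAG = re.compile(r"v(\d+)")  # the issue's v\d+, applied to the whole tag name

# Constructed config mirroring the keys proposed in the issue (hypothetical).
CONFIG = {"tag-only": ["actions/*", "my-org/*"], "prefer-major-tags": True}

# Constructed sample: tag name -> commit SHA (placeholder values).
TAGS = {
    "v4": "1" * 40,
    "v4.2.2": "1" * 40,
    "v9": "2" * 40,
    "v10": "3" * 40,
    "v10.0.1": "3" * 40,
    "v11-beta": "4" * 40,  # not a major tag: must not match v\d+
}


def is_trusted(action, patterns):
    """True if 'owner/repo' matches a trusted glob such as 'actions/*'.

    Owner names are case-insensitive on GitHub, so compare lowercased.
    'my-org/*' does not match 'my-org-evil/x' because the '/' is literal.
    """
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def version_key(tag):
    """Numeric sort key, so that v10 sorts above v9."""
    return tuple(int(n) for n in re.findall(r"\d+", tag))


def choose_ref(action, tags, config):
    """Return the ref to write after 'uses: owner/repo@'.

    Trusted actions get the highest major tag. Untrusted actions, and
    trusted ones with no v<N> tag (assumed fallback), stay pinned to the
    commit SHA of the newest stable tag.
    """
    if config.get("prefer-major-tags") and is_trusted(action, config.get("tag-only", [])):
        majors = [(int(m.group(1)), t) for t in tags if (m := MAJOR_TAG.fullmatch(t))]
        if majors:
            return max(majors)[1]
    stable = [t for t in tags if re.fullmatch(r"v?\d+(\.\d+)*", t)]
    return tags[max(stable or tags, key=version_key)]
```

Matching the trusted-org list against the full `owner/repo` string keeps a lookalike owner on commit pins even when its tags look identical.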