Change checkout reference from 'stable' to 'dev'#33
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the CI workflow to build/test against the dev branch of the external gismo/gismo repository instead of stable, aligning CI with upstream development.
Changes:
- Switch
actions/checkoutforgismo/gismofromref: stabletoref: dev.
Comments suppressed due to low confidence (1)
.github/workflows/ci.yml:33
actions/checkout@masteris a floating reference and can change unexpectedly; GitHub Actions best practice is to pin to a stable major version (e.g.,actions/checkout@v4) or a full commit SHA for supply-chain safety and reproducible CI runs. Consider updating both checkout steps to a pinned version.
- uses: actions/checkout@master
with:
repository: gismo/gismo
ref: dev
path: ./gismo
- uses: actions/checkout@master
with:
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| with: | ||
| repository: gismo/gismo | ||
| ref: stable | ||
| ref: dev |
There was a problem hiding this comment.
Checking out a moving branch (ref: dev) for an external dependency will make CI results non-reproducible and can introduce sudden breakages when upstream changes. If the intent is to track upstream dev, consider adding a brief comment explaining the rationale and/or pinning to a specific commit SHA (or tag) for deterministic builds, updating the pinned SHA intentionally when needed.
| ref: dev | |
| ref: v0.9.0 |
In the CI, checkout gismo in
devinstead ofstablebranch