Describe the enhancement requested
I don't know why but Dependabot sometimes failed to update hash of GitHub Actions.
For example: #48301
The ASF's GitHub Actions policy https://infra.apache.org/github-actions-policy.html requires pinning external actions but there is no such restriction for actions/*:
External actions
You MAY use all actions internal to the apache/*, github/* and actions/* namespaces without restrictions.
You MUST pin all external actions to the specific git hash (SHA1) of the action that has been reviewed for use by the project. For instance, you MUST pin foobar/baz-action@8843d7f92416211de9ebb963ff4ce28125932878.
How about removing hash from all actions/* GitHub Actions?
Component(s)
Continuous Integration
Describe the enhancement requested
I don't know why but Dependabot sometimes failed to update hash of GitHub Actions.
For example: #48301
The ASF's GitHub Actions policy https://infra.apache.org/github-actions-policy.html requires pinning external actions but there is no such restriction for
actions/*:How about removing hash from all
actions/*GitHub Actions?Component(s)
Continuous Integration