revert: hash pinning on pypi publish workflow#981
Conversation
Missed these ones in taskcluster#980
Merging this PR will improve performance by 12.01%
Performance Changes
Tip Curious why this is faster? Comment Comparing 
|
ahal
left a comment
ahal
left a comment
There was a problem hiding this comment.
I went ahead and relaxed the pypi-publish restriction in the settings. After looking into it, I think we should keep the hash pinning.
|
Outlined my rationale in channel, copy/pasting here: I think I understand.. The release/v1 branch is like a latest tag.. it points to whatever the latest release on the 1.x branch line is: but because we're using renovate now, it'll find the tag refs directly.. so it's likely equivalent to using release/v1 but we get to update explicitly instead of implicitly |
|
ok, sure |
|
#982 for moving back to hash pinning. |
Quoting context from @ahal in #981: > Outlined my rationale in channel, copy/pasting here: > > I think I understand.. The release/v1 branch is like a latest tag.. it points to whatever the latest release on the 1.x branch line is: https://github.com/pypa/gh-action-pypi-publish/tree/release/v1 > > but because we're using renovate now, it'll find the tag refs directly.. so it's likely equivalent to using release/v1 but we get to update explicitly instead of implicitly
2 participants
Missed these ones in #980
(We're already talking about accepting the pinning and loosening the restrictions on the versions of this action that may run; but we may want this to unbreak releases in the meantime.)