Repository files navigation

This action packagesyour action as anOCI container and publishes it to theGitHub Container registry.This allows your action to be consumed as animmutable package if aSemVer is specified in the consumer's workflow file.

Your workflow can be triggered by anyevent which has aGITHUB_REF that points to a Git tag.Some examples of these events are:

• release (uses tag associated with release)
• push (only applies to pushed tags)
• workflow_dispatch (only applies if subject of dispatch is a tag)

The associated tag must followsemantic versioning - this tag value will be used to create a package version.

Consumers of your action will then be able to specify that version to consume your action from the package, e.g.

• - uses: your-name/your-action@v1.2.3
• - uses: your-name/your-action@v1

Such packages will come with stronger security guarantees for consumers than existing git-based action resolution, such as:

• Provenance attestations generated using the@actions/attest package
• Tag immutability - it will not be possible to overwrite tags once published, ensuring versions of an action can't change once in use
• Namespace immutability - it will not be possible to delete and recreate the package with different content; this would undermine tag immutability

An actions workflow file like the following should be placed in your action repository:

name:"Publish Immutable Action Version"on:release:types:[published]jobs:publish:runs-on:ubuntu-latestpermissions:contents:readid-token:writepackages:writesteps:    -name:Check out repouses:actions/checkout@v4    -name:Publishid:publishuses:actions/publish-immutable-action@0.0.3

The scripts and documentation in this project are released under theMIT License.