setup-msys2
dependabot-sha-comment-action
setup-msys2 | dependabot-sha-comment-action | |
---|---|---|
2 | 1 | |
266 | 2 | |
4.5% | - | |
7.0 | 0.9 | |
9 days ago | over 1 year ago | |
JavaScript | ||
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
setup-msys2
-
Getting Started with Git Bash
Other pages provide complementary information on that same topic.
Another thing I appreciated was the explanation of MSYS2's environments:
https://www.msys2.org/docs/environments/
Being able to painlessly switch away from MSVCRT to UCRT was helpful in solving some UTF-8 difficulties I was experiencing at the time.
Package management with pacman is rather pleasant, and the setup-msys2 GitHub Action makes it simple to provide your GHA workflow with the tools and libs you want:
https://www.msys2.org/docs/package-management/
https://packages.msys2.org/queue
https://github.com/msys2/setup-msys2
-
GitHub Actions by Example
> Actions reduce workflow steps by providing reusabe[sic] “code” for common tasks. To run an action, you include the uses keyword pointing to a GitHub repo with the pattern {owner}/{repo}@{ref} or {owner}/{repo}/{path}@{ref} if it’s in a subdirectory. A ref can be a branch, tag, or SHA.
Aside from the typo, I wonder how many packages could be backdoored at once, if an action maintainer went rogue, seeing as there's no pinning for actions by default, and (according to https://github.com/msys2/setup-msys2/blob/main/HACKING.md) moving a tag is the default way to push updates to an action. (Interestingly get-cmake/run-cmake/run-vcpkg are all operated by the same person.)
dependabot-sha-comment-action
-
GitHub Actions by Example
Def a real concern.
If anyone is interested to mitigate it yourself, these are helpful :)
https://docs.github.com/en/actions/creating-actions/about-cu...
https://github.com/dependabot/dependabot-core/issues/2835
https://github.com/zgosalvez/github-actions-ensure-sha-pinne...
https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...
What are some alternatives?
WSL - Issues found on WSL
tiny-differentiable-simulator - Tiny Differentiable Simulator is a header-only C++ and CUDA physics library for reinforcement learning and robotics with zero dependencies.
tip - GitHub Action to keep a 'tip' pre-release always up-to-date
toast - Containerize your development and continuous integration environments. 🥂
dependabot-sha-comment-ac
github-script - Write workflows scripting the GitHub API in JavaScript
github-actions-ensure-sha-pinne
tiny-differentiable-simul
learnxinyminutes-docs - Code documentation written as code! How novel and totally my idea!
ghactionsbyexample - GitHub Actions by Example