The "Create a phar release" workflow has a step called "Fetch latest phar" which uses the dsaltares/fetch-gh-release-asset action. I want to replace the action with the gh CLI tool. The action is used to get the release version and download a release asset; both should be possible with gh.
GitHub will upgrade Node.js soon, and the action may not be compatible - there's an issue and a PR, but neither is resolved or merged. Also, by using gh, the supply chain gets shorter and slightly more secure, and even though we check the release signature, I'd like to have fewer moving parts.