Releases can't be pinned to SHAs

[evverx]

When the action is pinned to a full SHA of a release (as recommended in https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) it fails with

2022-06-23T14:25:16.5848216Z ##[group]Run stefanbuck/github-issue-parser@fb73b92b5c4d283c3e9a198f2bb7dbbf6cf87079
2022-06-23T14:25:16.5848597Z with:
2022-06-23T14:25:16.5848885Z   template-path: .github/ISSUE_TEMPLATE/bug_report.yml
2022-06-23T14:25:16.5849185Z ##[endgroup]
2022-06-23T14:25:16.5973472Z ##[error]File not found: '/home/runner/work/_actions/stefanbuck/github-issue-parser/fb73b92b5c4d283c3e9a198f2bb7dbbf6cf87079/dist/index.js'
2022-06-23T14:25:16.6046545Z Post job cleanup.

To get it around it was pinned to fc06b2a. It kind of works but it isn't compatible with Dependabot in the sense that it can't update the action automatically because it follows releases usually.

cc @jamacku

[stefanbuck]

Thanks for sharing. The release is mainly handled by https://github.com/semantic-release/semantic-release, which generates the release. However the actual build is happening afterwards which then results in n this unpleasant state. I'll look into it

[stefanbuck]

Will work on this as part of the upcoming v3 release

[stefanbuck]

Fixed in v2.0.4 and onwards. Thanks for making me aware of this issue.