THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
There are a number of security problems you have to be aware of. The 3rd-party actions and 3rd party dependencies are a huge security risk if not used appropriately (basically if you are using it as the examples suggest you are opened for easy exploitation by the action authors). If you do not "securely" add the actions you are ripe to any kind of uncontrolled "write" modifications to your repository (!) by 3rd-party action owners AND (as we've learned recently) by 3rd party dependencies you install in your build pipeline. One of the problems caused INFRA action to disable the "direct" use of 3rd-party actions at the organisation level (see the discussion), but there are many more risks that you have to be aware of. There are two critical security vulnerability reports opened by Jarek Potiuk 30th of December with GitHub actions - both of them triaged and awaiting for actions on the GitHub side. GitHub Security Lab who in December encouraged the users to post their experiences is engaged as well. Those issues can be all mitigated (for Apache Airflow implemented all mitigation) but they are not what most projects do.
Mitigations
...
If you decide to use GitHub Actions, those are recommendations (there are varying opinions on sub-modules use though):
...