Dear GitHub: no YAML anchors, please
5 hours ago
- #YAML
- #GitHub Actions
- #CI/CD
- GitHub Actions recently added support for YAML anchors, which the author argues is a bad decision.
- YAML anchors are redundant with existing GitHub Actions features for reducing duplication.
- They introduce unnecessary complexity and non-locality, making workflows harder to understand and analyze.
- GitHub's implementation lacks support for merge keys, the one feature that could justify YAML anchors.
- The author believes YAML anchors make GitHub Actions less secure by complicating human and machine analysis.
- The change negatively impacts tools that analyze GitHub Actions workflows for correctness and security.
- The author recommends GitHub immediately remove YAML anchor support before widespread adoption occurs.