In my previous post, I explored converting existing TravisCI jobs into GitHub Actions. If you're unfamiliar with GitHub Actions, I recommend reading that post first as it explains some of the basics. Since then, I've spent a bit more time experimenting with them and have found a slightly concerning security issue.