Provide guidance for consuming the action using a fixed reference

[samkearney]

Hello,

As mentioned in the GitHub documentation, best practice for consuming third-party actions is to use a fixed reference such as a tag or SHA. The current README documentation shows this action being consumed @master, which is not ideal from a stability perspective.

I would request one of the following:

(a) Implement release management using tags as described in the GitHub docs linked above. Since it seems like this action is rarely updated, this could be as simple as adding a v1 and v1.0.0 tags pointing at the latest commit on master. Then update the README documentation to show the action being consumed using cloudsmith-io/action@v1 instead of cloudsmith-io/action@master.

(b) Update the README documentation to show consumption via a SHA, e.g. cloudsmith-io/action@04d1b7d955cd82529987396158a17fae4faa4d54

Thanks for considering.

[nickxn]

Thanks for the suggestion @samkearney ! I'll feed it back to our engineering team to consider the update.