enforce reproducible releases ? #18

@jonenst

Describe the current behavior

You can use any version of the workflow to create the release, for example the HEAD of the main branch at the time of the release. When the workflow has effects on the release (for example it could use command line parameters to the build that change the release outputs), it means that if you try to recreate the release later, the HEAD of main may have changed and the workflow file doesn't build the same outputs anymore.

Describe the expected behavior

Maybe it's worth it to have the workflow ensure that it is possible later on to know which version of the workflow was used to make the release. An intuitive way to do that would be that the commit used to get the workflow is the one that is going to be released. The workflow could enforce that and refuse to release otherwise. Later on, when you want to recreate release X, you use the workflow from releaseX to do it.

Describe the motivation

reproducible releases

Extra Information

No response
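
One way to implement the check proposed in this issue, as an added example that is not part of the issue or the project's own code: the release step fails closed unless the commit the workflow file was loaded from is the commit being released. It assumes the workflow lives in the same repository as the released code; `GITHUB_WORKFLOW_SHA` is the variable GitHub Actions sets for the workflow file's commit, while `RELEASE_REF` and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: refuse to release unless the workflow file's commit
# is the commit being released. RELEASE_REF is a hypothetical input
# (tag or commit to release); GITHUB_WORKFLOW_SHA is set by GitHub Actions.

# Succeeds only for a full object id (40 hex for SHA-1, 64 for SHA-256).
# Abbreviated ids and ref names are rejected because they can be ambiguous
# or can move after the release.
is_full_sha() {
  case "$1" in
    *[!0-9a-fA-F]*|'') return 1 ;;
  esac
  [ "${#1}" -eq 40 ] || [ "${#1}" -eq 64 ]
}

# verify_release_commit WORKFLOW_SHA RELEASE_SHA
# returns 0 = same commit, 1 = different commits, 2 = input is not a full id
verify_release_commit() {
  is_full_sha "$1" && is_full_sha "$2" || return 2
  [ "$(printf '%s' "$1" | tr 'A-F' 'a-f')" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# Runs only when a release ref is supplied, e.g. as a workflow step.
if [ -n "${RELEASE_REF:-}" ]; then
  # ^{commit} peels an annotated tag down to the commit it points at.
  release_sha=$(git rev-parse --verify --quiet "${RELEASE_REF}^{commit}") || {
    echo "cannot resolve ${RELEASE_REF} to a commit" >&2
    exit 2
  }
  rc=0
  verify_release_commit "${GITHUB_WORKFLOW_SHA:-}" "$release_sha" || rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "refusing to release: workflow from ${GITHUB_WORKFLOW_SHA:-unset}, release commit ${release_sha}" >&2
    exit "$rc"
  fi
  echo "workflow and release commit match: ${release_sha}"
fi
```

Recording the matched commit in the release notes or build provenance lets a later rebuild check out that commit and run the workflow file it contains.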
