Since this is not a verified action and it's not pinned to a SHA, if it were compromised the tag in the repo could be changed to contain malicious code.
For that reason we pin (with the commit SHA) instead of using `v1`, for example.
That said, don't we have a Sentry GHA plugin we can use instead?
Or a first-party cli install step?
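The check the comment above is asking for, as an added example (not code from the reviewer or the project): scan a workflow file for `uses:` steps that reference a third-party action by a mutable ref (tag or branch) rather than a full 40-character commit SHA. The sample workflow and the `example-org/*` action names are constructed for illustration; `actions/checkout` is the real action, shown here unpinned on purpose so the check has something to flag.

```python
import re

# A full commit SHA is 40 lowercase hex characters; anything shorter or
# symbolic (v4, main, a 7-char abbreviation) can be moved by the action owner.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Matches `uses: owner/repo[/path]@ref` step lines; trailing comments such as
# `# v1.2.3` (the convention for documenting what a pinned SHA corresponds to)
# are ignored because the capture stops at the first whitespace.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"]+)['\"]?")


def parse_uses(ref):
    """Split 'owner/repo@ref' into (action, ref).

    Local actions (./path) and docker:// images are not GitHub tag references,
    so they are returned as None and skipped by the caller.
    """
    if ref.startswith("./") or ref.startswith("docker://"):
        return None
    action, sep, version = ref.partition("@")
    return (action, version if sep else "")


def find_unpinned(workflow_text):
    """Return [(line_no, action, ref)] for every third-party action not pinned to a commit SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        parsed = parse_uses(match.group(1))
        if parsed is None:
            continue
        action, version = parsed
        if not SHA_RE.match(version):
            findings.append((line_no, action, version))
    return findings


# Constructed sample workflow: one unpinned tag, one correctly pinned SHA with a
# version comment, one branch ref, and one local action that should be ignored.
SAMPLE_WORKFLOW = """\
name: release
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/some-action@1234567890abcdef1234567890abcdef12345678 # v1.2.3
      - uses: example-org/other-action@main
      - uses: ./.github/actions/local-step
      - name: run tests
        run: make test
"""

if __name__ == "__main__":
    for line_no, action, version in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{version or '<missing ref>'} is not pinned to a commit SHA")
```

Pinning to a SHA only helps if the SHA is kept current, so the usual pairing is this check in CI plus a dependency-update bot that bumps the SHA and the trailing version comment together.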