If you are using third party actions in your GitHub Action you should use SHA security pinning to mitigate the risk of attack on action repository
Being able to run integration tests in GitHub actions is a great feature, thanks to services you can run whatever docker image you need to run your integration scripts.