-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update module dependencies #247
Conversation
ff2f54b
to
7c1422c
Compare
.github/workflows/main.yaml
Outdated
credentials_json: '${{ secrets.NECO_TEST_SERVICE_ACCOUNT }}' | ||
|
||
- name: Set up Cloud SDK for sabakan | ||
uses: google-github-actions/setup-gcloud@v0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The versions of google-github-actions/auth
and google-github-actions/setup-gcloud
look too vague?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@yokaze
I agree a little. But using v0
is recommended.
Which do you like using v0
or a specific version?
https://github.com/google-github-actions/auth/tree/v0.7.0#versioning
https://github.com/google-github-actions/setup-gcloud/tree/v0.6.0#versioning
Most actions specify only the major version (e.g. actions/setup-go@v3
).
So I think we need not give special treatment only to v0
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@masa213f
I suppose released versions (v1, v2, ...) are normally well-controlled and it's safe to upgrade their minor versions. However for v0 softwares, there is no such guarantee. So it's rational to pin their minor versions.
BTW the upstream authors encourage to use v0
tag possibly because they are confident of no breaking changes in future. How do you think about the risk?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand your opinion as follows. Is it correct?
- If a major version (v1 or more) has been released, we pin the major version only.
- If a major version is not released, we pin the major and minor versions. The patch version is not required.
Even if breaking changes are released, it just breaks CI.
I thought it was no big problem. So I specified the v0
only.
But your suggestion sounds like a good idea. Which do you like?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
Signed-off-by: Masayuki Ishii <masa213f@gmail.com>
eefe95a
to
56a737a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Signed-off-by: Masayuki Ishii masa213f@gmail.com