Update module dependencies #247
Conversation
masa213f
force-pushed
the
update-20220411-2
branch
from
ff2f54b
to
7c1422c
Compare
.github/workflows/main.yaml
Outdated
| credentials_json: '${{ secrets.NECO_TEST_SERVICE_ACCOUNT }}' | ||
|
|
||
| - name: Set up Cloud SDK for sabakan | ||
| uses: google-github-actions/setup-gcloud@v0 |
There was a problem hiding this comment.
The versions of google-github-actions/auth and google-github-actions/setup-gcloud look too vague?
There was a problem hiding this comment.
@yokaze
I agree a little. But using v0 is recommended.
Which do you like using v0 or a specific version?
https://github.com/google-github-actions/auth/tree/v0.7.0#versioning
https://github.com/google-github-actions/setup-gcloud/tree/v0.6.0#versioning
Most actions specify only the major version (e.g. actions/setup-go@v3).
So I think we need not give special treatment only to v0.
There was a problem hiding this comment.
@masa213f
I suppose released versions (v1, v2, ...) are normally well-controlled and it's safe to upgrade their minor versions. However for v0 softwares, there is no such guarantee. So it's rational to pin their minor versions.
BTW the upstream authors encourage to use v0 tag possibly because they are confident of no breaking changes in future. How do you think about the risk?
There was a problem hiding this comment.
I understand your opinion as follows. Is it correct?
- If a major version (v1 or more) has been released, we pin the major version only.
- If a major version is not released, we pin the major and minor versions. The patch version is not required.
Even if breaking changes are released, it just breaks CI.
I thought it was no big problem. So I specified the v0 only.
But your suggestion sounds like a good idea. Which do you like?
Signed-off-by: Masayuki Ishii <masa213f@gmail.com>
masa213f
force-pushed
the
update-20220411-2
branch
from
eefe95a
to
56a737a
Compare
Signed-off-by: Masayuki Ishii masa213f@gmail.com