Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot configuration to update actions in workflows #6872

Closed
wants to merge 2 commits into from
Closed

Dependabot configuration to update actions in workflows #6872

wants to merge 2 commits into from

Conversation

ScottBrenner
Copy link

@ScottBrenner ScottBrenner requested a review from a team as a code owner June 8, 2024 03:23
@lildude
Copy link
Member

lildude commented Jun 8, 2024
edited
Loading

I tried this in the past and it broke things and I didn't have time to investigate further (revert PR). It was over two years ago so maybe things are better now. I won't be merging this until I have the time to deal with the fallout if this breaks things as in the past.

How confident are you that the latest actions versions won't break anything? Have you tested it?

@ScottBrenner
Copy link
Author

ScottBrenner commented Jun 9, 2024
edited
Loading

Thanks for the context - do you recall what broke? Seems checks did not run on the actions/checkout bump in https://github.com/github-linguist/linguist/pull/5911/checks, although the Actions history begins about a year after that https://github.com/github-linguist/linguist/actions?page=32 so it may be lost to time

In any case, I did bump actions/checkout v4 on my fork here and all checks passed without issue https://github.com/ScottBrenner/linguist/pull/1/checks

The other action, ruby/setup-ruby, appears to keep their "v1" tag updated https://github.com/ruby/setup-ruby/tree/v1 and would not (yet) be updated by the proposed changes here

@lildude
Copy link
Member

lildude commented Jun 13, 2024

do you recall what broke?

I don't specifically, but from my comment in #5912 checkout depth was at least one problem. We need more than master for our tests as some need the commits in test/attributes.

This problem wasn't caught by the tests in the PR itself for some reason I can't recall 👴

@ScottBrenner
Copy link
Author

The commits in test/attributes still seem to be fetched when the version of actions/checkout is updated - https://github.com/ScottBrenner/linguist/actions/runs/9432580092/job/25982529071?pr=1#step:4:18 - via https://github.com/github-linguist/linguist/blob/master/.github/workflows/ci.yml#L32?

@lildude
Copy link
Member

lildude commented Jun 14, 2024
edited
Loading

That looks to be left over from when I was tatting with this last time, so maybe I've already fixed that issue 😁

I note your test PR only updates the checkout action. Do things still pass if you update all actions to their latest versions? (I've not looked closely at what else is used and could be updated).

@ScottBrenner
Copy link
Author

ScottBrenner commented Jun 14, 2024
edited
Loading

Believe actions/checkout is the only action that would be updated by this - the only other action ruby/setup-ruby uses v1 which they seem to keep updated under https://github.com/ruby/setup-ruby/tree/v1

@ScottBrenner ScottBrenner closed this by deleting the head repository Jul 9, 2024
@lildude
Copy link
Member

lildude commented Jul 9, 2024

There's no need to close this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ScottBrenner @lildude