Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore tags not matching prefix, when workflow is pinned to SHAs #7430

Merged
merged 2 commits into from
Aug 1, 2023
Merged

Ignore tags not matching prefix, when workflow is pinned to SHAs #7430

merged 2 commits into from
Aug 1, 2023

Conversation

deivid-rodriguez
Copy link
Contributor

@deivid-rodriguez deivid-rodriguez commented Jun 14, 2023
edited
Loading

When updating explicit tags that include version numbers in their name in GitHub Actions workflows, we only update to tags that respect the existing format.

For example, if a workflow is pinned to the v2.3.6 tag through github/codeql-action@v2.3.6 and the action's author tags codeql-bundle-v2.13.4, then Dependabot won't create updates.

However, when the workflow is pinned to the specific commit for that tag, for example like this github/codeql-action@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6, then Dependabot will still create an update to github/codeql-action@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4.

This PR fixes the problem by ensuring the format is respected, not only for explicit tags, but also for the tags corresponding to explicit SHA pins.

@deivid-rodriguez deivid-rodriguez requested a review from a team as a code owner June 14, 2023 08:27
@github-actions github-actions bot added the L: github:actions GitHub Actions label Jun 14, 2023
@deivid-rodriguez
Copy link
Contributor Author

Oops, I broke common CI apparently. Back to WIP.

@deivid-rodriguez deivid-rodriguez marked this pull request as draft June 14, 2023 08:32
@deivid-rodriguez deivid-rodriguez force-pushed the deivid-rodriguez/proper-prefix-match branch 2 times, most recently from fd4c499 to ece2a89 Compare June 14, 2023 09:12
@deivid-rodriguez deivid-rodriguez marked this pull request as ready for review June 14, 2023 09:26
@deivid-rodriguez
Copy link
Contributor Author

I think it should be fixed now but I'd like to confirm that the smoke test failure is not related to this PR.

jurre
jurre approved these changes Jun 14, 2023
View reviewed changes
Copy link
Member

@jurre jurre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That failure looks unrelated to me, not sure how it could be caused by these changes

@deivid-rodriguez
Copy link
Contributor Author

Great, thanks for checking that!

@deivid-rodriguez deivid-rodriguez force-pushed the deivid-rodriguez/proper-prefix-match branch from ece2a89 to d717e1b Compare June 16, 2023 10:14
@deivid-rodriguez deivid-rodriguez force-pushed the deivid-rodriguez/proper-prefix-match branch from d717e1b to 4194887 Compare August 1, 2023 14:53
@deivid-rodriguez deivid-rodriguez merged commit 4dd41de into main Aug 1, 2023
@deivid-rodriguez deivid-rodriguez deleted the deivid-rodriguez/proper-prefix-match branch August 1, 2023 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jurre jurre jurre approved these changes

Assignees
No one assigned
Labels
L: github:actions GitHub Actions
Projects
Dependabot
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@deivid-rodriguez @jurre