[BUG] Action fails in merge queue with v4.3.5 #841
Comments
Hi @kylebjordahl, thank you for reporting this issue! I'm not able to reproduce the problem with the action in merge queue using default configurations. Can you share the configs that you are using for the action and/or the configuration file, if you're using any?
Hi @Ahmed3lmallah - here is our action config yaml (pretty vanilla):

```yaml
name: 'Dependency review'
on:
  pull_request:
  merge_group:
    types: ['checks_requested']
# If using a dependency submission action in this workflow this permission will need to be set to:
#
# permissions:
#   contents: write
#
# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
permissions:
  contents: read
  # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
  pull-requests: write
jobs:
  dependency-review:
    name: Dependency Review
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout repository'
        uses: actions/checkout@v4
      - name: 'Dependency Review'
        # RN-3003: Pinned due to issue with 4.3.5, can probably revert to v4 once a fix is out
        uses: actions/dependency-review-action@v4.3.4
        # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
        with:
          comment-summary-in-pr: always
          fail-on-severity: moderate
          base-ref: ${{ github.event.pull_request.base.ref || github.event.merge_group.base_ref || 'main' }}
          head-ref: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref || github.ref }}
          # TODO: review these in mid-sept 2024, see RN-1974 for details
          allow-ghsas: ## REDACTED, THERE ARE TWO
          # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
          # retry-on-snapshot-warnings: true
```
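As an added example (not code from this issue or from the dependency-review-action project), a small Python check that classifies how each `uses:` reference in a workflow is pinned, so a floating major tag such as `v4` in a config like the one above is flagged before it silently picks up a new release; the embedded workflow text is a constructed excerpt modelled on the posted config, and the SHA-pinned `example-org/example-action` step is hypothetical.

```python
import re

# Constructed workflow excerpt modelled on the config posted in this issue
# (not the reporter's file verbatim); the SHA-pinned step is hypothetical.
WORKFLOW = """\
steps:
  - name: 'Checkout repository'
    uses: actions/checkout@v4
  - name: 'Dependency Review'
    uses: actions/dependency-review-action@v4.3.4
  - name: 'Hypothetical SHA-pinned step'
    uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
"""

# Matches `uses: owner/repo@ref`, stopping the ref at whitespace, quotes or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)")


def classify_ref(ref: str) -> str:
    """Classify how an action reference is pinned."""
    if re.fullmatch(r"[0-9a-f]{40}", ref):
        return "sha"           # immutable commit pin
    if re.fullmatch(r"v?\d+\.\d+\.\d+", ref):
        return "exact-tag"     # exact release (a tag can still be moved by the publisher)
    if re.fullmatch(r"v?\d+(\.\d+)?", ref):
        return "floating-tag"  # tracks the latest release of a major/minor line
    return "other"             # branch name or unusual ref


def scan_workflow(text: str) -> list[tuple[str, str, str]]:
    """Return (action, ref, kind) for every `uses:` line in a workflow."""
    results = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m:
            action, ref = m.group(1), m.group(2)
            results.append((action, ref, classify_ref(ref)))
    return results


def floating_actions(text: str) -> list[str]:
    """Actions whose resolved version can change without any workflow edit."""
    return [action for action, _, kind in scan_workflow(text) if kind == "floating-tag"]


if __name__ == "__main__":
    for action, ref, kind in scan_workflow(WORKFLOW):
        print(f"{kind:13} {action}@{ref}")
```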
Here's my analysis of the issue: In The code likely needs to do the following:
The short version is that
This bug should be fixed now in the latest release: v4.4.0. Thank you @kylebjordahl for reporting the bug and @ebickle for your analysis of the issue!
Describe the bug
Action fails in merge queue with unhelpful error (looks like a zod or schema validation?)
Showed up within minutes of the release of 4.3.5 (which we got due to a floating version pin of v4). Pinning to 4.3.4 seems to resolve the issue.
To Reproduce
Unfortunately this is in a private repo, so cannot share a full repro. We use a GitHub merge queue, but have had no issues before the release of 4.3.5.
Expected behavior
Action should run.
Action version
Showed up within minutes of the release of 4.3.5 (which we got due to a floating version pin of v4). Pinning to 4.3.4 seems to resolve the issue.