Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add WebExt Lint as CI job #1907

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add WebExt Lint as CI job #1907

wants to merge 1 commit into from

Conversation

rugk
Copy link

@rugk rugk commented Nov 9, 2023

Inspired by https://github.com/rugk/awesome-emoji-picker/blob/main/.github/workflows/webext-lint.yml

As far as I see you don't run that anywhere else, so may this be a good idea?

Same as ajayyy/DeArrow#187

  • I agree to license my contribution under LGPL-3.0 or my contribution is from another project with a license compatible with LGPL-3.0

To test this pull request, follow the instructions in the wiki.


Inspired by https://github.com/rugk/awesome-emoji-picker/blob/main/.github/workflows/webext-lint.yml

As far as I see you don't run that anywhere else, so may this be a good idea?

Same as ajayyy/DeArrow#187
@ajayyy
Copy link
Owner

ajayyy commented Nov 10, 2023

Warnings will need to be dealt with before merging.

@mchangrh
Copy link
Contributor

the v1 tag also seems to be built in 2019 which iirc is at least one breaking GHA version behind - should probably convert to locked commit

@rugk
Copy link
Author

rugk commented Nov 10, 2023

Well dependabot can handle GitHub Actions and upgrade them (though I don't know if it automatically does as by your config)… then you can easily use version numbers instead of commits.

@mchangrh
Copy link
Contributor

dependabot hasn't triggered for our actions before and I don't trust it..., either way the tag is outdated and we've already set a precedence of locking by commit

@rugk
Copy link
Author

rugk commented Nov 18, 2023

dependabot hasn't triggered for our actions before and I don't trust it...

Well that is because you have not enabled it (respectively only for security updates), see ajayyy/DeArrow#179. With a YAML configuration you can exactly control what is updated and e.g. also only enable it for GitHub Actions. See https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file for an example.
If enabled, it is quite reliable in my experience, I mean it may take some time, but at least you notice updates.

- uses: actions/checkout@v3

- name: "web-ext lint"
uses: kewisch/action-web-ext@v1
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
uses: kewisch/action-web-ext@v1
uses: kewisch/action-web-ext@cb8a694

Like this or what do you want here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants