-
-
Notifications
You must be signed in to change notification settings - Fork 146
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(deps): bump @actions/core from 1.8.0 to 1.8.2 #473
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rebase after #470 is needed
41aefc4
to
dbd1808
Compare
dbd1808
to
c947694
Compare
it feels like commits created in the GHA are skipped, I will check something in the settings. |
I checked and it doesn't seem related to what I was thinking. |
94853ad
to
d06b54c
Compare
I tried:
it didn't help the build does not restart in this case. jfyi |
f2b487d
to
c947694
Compare
I know about this issue, the system token then we need to change the workflow to use PAT |
The dependabot doesn't use any secret or token, we don't use the Github API to create commits. https://github.com/golangci/golangci-lint-action/blob/master/.github/workflows/test.yml |
then how this works? |
This is the secret sauce of GitHub and Dependabot. We don't provide any token for this bot and we don't call the GitHub API. The dependabot secrets don't allow overriding secrets named Remember that the dependabot doesn't need to be installed, it's not an application but just a GitHub "feature". Do you have links to documentation or something else? |
folks, what do you think if we rethink this part? for me, "push changes" while you check them is a foot gun
what if this step will be a part of a push event? |
if - name: Update dist files
if: github.event_name == 'push' then try to update dist in the main branch instead of the current approach |
8745322
to
de5c087
Compare
please take a look on de5c087 |
The problem will be worse because creating a commit on master without a real user will not really work well. |
why? now the same commit will be created on a feature branch. what is the difference? and this scheme works well: |
@ldez let's remove "changing state" part and leave the dirty check. someone will do it manually. what do you think? |
de5c087
to
c947694
Compare
72cf77d
to
c264fca
Compare
c264fca
to
5d8e5c2
Compare
@dependabot recreate |
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.8.0 to 1.8.2. - [Release notes](https://github.com/actions/toolkit/releases) - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) --- updated-dependencies: - dependency-name: "@actions/core" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
5d8e5c2
to
1737dfa
Compare
Bumps @actions/core from 1.8.0 to 1.8.2.
Changelog
Sourced from
@actions/core
's changelog.Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)