Update actions/attest-build-provenance digest to 18db129 - autoclosed#17302
Closed
renovate[bot] wants to merge 1 commit intomainfrom
Closed
Update actions/attest-build-provenance digest to 18db129 - autoclosed#17302renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
Member
|
I don't understand why Renovate created this -- the update isn't on a tag. |
renovate
bot
force-pushed
the
renovate/actions-attest-build-provenance-digest
branch
from
e41f137 to
feb68ea
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/actions-attest-build-provenance-digest
branch
from
feb68ea to
eb76fac
Compare
renovate
bot
changed the title
zaniebot
pushed a commit
to zaniebot/uv
that referenced
this pull request
Jan 9, 2026
This fixes the issue where Renovate was proposing updates to untagged commits. The version comment `# v3.1.0` allows Renovate to properly track the semantic version and only propose updates to actual releases, matching the format used in build-docker.yml. Fixes: astral-sh#17302 (comment)
Member
|
I think it's because there's no trailing version tag comment |
zaniebot
pushed a commit
to zaniebot/uv
that referenced
this pull request
Jan 9, 2026
The release.yml workflow is auto-generated by cargo-dist from dist-workspace.toml. Renovate was creating separate PRs for release.yml without updating dist-workspace.toml because: 1. dist-workspace.toml has version comments (e.g., `# v3.1.0`) so Renovate tracks it using semantic versioning 2. release.yml lacks version comments (cargo-dist doesn't add them), so Renovate tracks it as raw digest updates 3. This caused Renovate to propose updates to untagged commits in release.yml The fix is to disable Renovate's GitHub Actions manager for release.yml, ensuring updates go through dist-workspace.toml as the source of truth. Fixes: astral-sh#17302 (comment)
Member
That would explain it, although I thought it would still honor tags only because of our presets. That seems to work for the other action references in Maybe we should just exclude this workflow entirely? I could look again at making a custom Renovate matcher for the dist config. |
renovate
bot
force-pushed
the
renovate/actions-attest-build-provenance-digest
branch
from
eb76fac to
85c39d5
Compare
renovate
bot
changed the title
Member
|
I think we might as well dirty the file with a tag, since it's already dirty. |
renovate
bot
force-pushed
the
renovate/actions-attest-build-provenance-digest
branch
from
85c39d5 to
9dfa746
Compare
renovate
bot
added
the
build:skip-release
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/actions-attest-build-provenance-digest
branch
from
9dfa746 to
30f3536
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/actions-attest-build-provenance-digest
branch
from
30f3536 to
a34008d
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/actions-attest-build-provenance-digest
branch
from
a34008d to
6c6553d
Compare
renovate
bot
changed the title
zanieb
pushed a commit
that referenced
this pull request
Jan 30, 2026
## Summary `release.yml` is managed by dist, so Renovate creates a lot of chaff/noise/unnecessary dirty changes when trying to bump it. See #17302 for example. ## Test Plan NFC. --------- Signed-off-by: William Woodruff <william@astral.sh>
renovate
bot
changed the title
renovate
bot
deleted the
renovate/actions-attest-build-provenance-digest
branch
zanieb
pushed a commit
that referenced
this pull request
Feb 4, 2026
`release.yml` is managed by dist, so Renovate creates a lot of chaff/noise/unnecessary dirty changes when trying to bump it. See #17302 for example. NFC. --------- Signed-off-by: William Woodruff <william@astral.sh>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
00014ed→18db129Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.