Skip to content

Properly upgrade github actions pinned to specific commits#5576

Merged
deivid-rodriguez merged 4 commits intomainfrom
deivid-rodriguez/actions-downgraded
Sep 6, 2022
Merged

Properly upgrade github actions pinned to specific commits#5576
deivid-rodriguez merged 4 commits intomainfrom
deivid-rodriguez/actions-downgraded

Conversation

@deivid-rodriguez
Copy link
Copy Markdown
Contributor

@deivid-rodriguez deivid-rodriguez commented Aug 23, 2022
edited
Loading

If the pinned commit sha is not the tip of any repo branch, we would "update" to the commit sha of the latest version, which might be actually a parent of the current sha.

The problem is that so far we were not cloning the repository, so all we can access is sha's discoverable through http /info/refs endpoint, or through git ls-remotes.

To properly update this kind of references, we need to clone the repository.

This is not ready at all, it at least needs some tests, but I wanted to share it.

Fixes #5556.

Before (downgrades to the sha of v17)

To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
=> fetching dependency files
=> dumping fetched dependency files: ./dry-run/sigprof/nur-packages/
=> parsing dependency files
🌍 https//github.com:443/cachix/install-nix-action.git/info/refs
=> updating 1 dependencies: cachix/install-nix-action

=== cachix/install-nix-action ()
 => checking for updates 1/1
🌍 https//github.com:443/cachix/install-nix-action.git/info/refs
 => latest available version is 17
 => latest allowed version is 17
 => requirements to unlock: own
 => requirements update strategy: 
 => updating cachix/install-nix-action to 17

    ± .github/workflows/auto-update-flake.yml
    ~~~
    23c23
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@d64e0553100205688c0fb2fa16edb0fc8663c590
    47c47
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@d64e0553100205688c0fb2fa16edb0fc8663c590
    ~~~

    ± .github/workflows/auto-update.yml
    ~~~
    28c28
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@d64e0553100205688c0fb2fa16edb0fc8663c590
    ~~~

    ± .github/workflows/ci.yml
    ~~~
    58c58
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@d64e0553100205688c0fb2fa16edb0fc8663c590
    123c123
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@d64e0553100205688c0fb2fa16edb0fc8663c590
    ~~~
🌍 Total requests made: '2'

After (upgrades to the latest commit in master)

bin/dry-run.rb github_actions sigprof/nur-packages --dep cachix/install-nix-action 
To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
=> cloning into /home/dependabot/dependabot-core/tmp/sigprof/nur-packages
=> parsing dependency files
🌍 https//github.com:443/cachix/install-nix-action.git/info/refs
=> updating 1 dependencies: cachix/install-nix-action

=== cachix/install-nix-action ()
 => checking for updates 1/1
🌍 https//github.com:443/cachix/install-nix-action.git/info/refs
🌍 https//github.com:443/cachix/install-nix-action.git/info/refs
 => latest available version is e17a164a729f3f908f3997516f02ecaba2b9c201
 => latest allowed version is e17a164a729f3f908f3997516f02ecaba2b9c201
 => requirements to unlock: own
 => requirements update strategy: 
 => updating cachix/install-nix-action to e17a164a729f3f908f3997516f02ecaba2b9c201

    ± .github/workflows/auto-update-flake.yml
    ~~~
    23c23
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@e17a164a729f3f908f3997516f02ecaba2b9c201
    47c47
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@e17a164a729f3f908f3997516f02ecaba2b9c201
    ~~~

    ± .github/workflows/auto-update.yml
    ~~~
    28c28
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@e17a164a729f3f908f3997516f02ecaba2b9c201
    ~~~

    ± .github/workflows/ci.yml
    ~~~
    58c58
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@e17a164a729f3f908f3997516f02ecaba2b9c201
    123c123
    <         uses: cachix/install-nix-action@92d36226ca2887d9bfe391bf2d00894d88be3b64
    ---
    >         uses: cachix/install-nix-action@e17a164a729f3f908f3997516f02ecaba2b9c201
    ~~~
🌍 Total requests made: '3'

@deivid-rodriguez deivid-rodriguez force-pushed the deivid-rodriguez/actions-downgraded branch 2 times, most recently from 95fef7c to 5fee432 Compare August 23, 2022 19:35
@jeffwidman jeffwidman mentioned this pull request Aug 25, 2022
Closed
@deivid-rodriguez deivid-rodriguez force-pushed the deivid-rodriguez/actions-downgraded branch 3 times, most recently from 9e07bc7 to 3f5bb4f Compare August 29, 2022 12:35
@deivid-rodriguez deivid-rodriguez marked this pull request as ready for review August 29, 2022 12:35
@deivid-rodriguez deivid-rodriguez requested a review from a team as a code owner August 29, 2022 12:35
@deivid-rodriguez
Copy link
Copy Markdown
Contributor Author

deivid-rodriguez commented Aug 29, 2022

Added some specs here, so this is now ready from my side!

@deivid-rodriguez deivid-rodriguez force-pushed the deivid-rodriguez/actions-downgraded branch 2 times, most recently from 151dd9c to 1586708 Compare September 5, 2022 12:51
pavera
pavera approved these changes Sep 6, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@pavera pavera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, I left a comment on #5017 regarding some work I'd looked at in this area as well.

landongrindheim
landongrindheim reviewed Sep 6, 2022
View reviewed changes
@deivid-rodriguez
Reuse current_commit method
230c973
@deivid-rodriguez
Avoid allow_any_instance_of usages
f347e09
@deivid-rodriguez
Extract magic string to a let
c12bdc1 
For readability and for later reuse.
@deivid-rodriguez
Properly upgrade github actions pinned to specific commits
defa05c 
If the pinned commit sha is not the tip of any repo branch, we would
"update" to the commit sha of the latest version, which might be
actually a parent of the current sha.

The problem is that so far we were not cloning the repository, so all we
can access is sha's discoverable through http `/info/refs` endpoint, or
through `git ls-remotes`.

To properly update this kind of references, we need to clone the
repository.
@deivid-rodriguez deivid-rodriguez force-pushed the deivid-rodriguez/actions-downgraded branch from 1586708 to defa05c Compare September 6, 2022 17:03
@deivid-rodriguez
Copy link
Copy Markdown
Contributor Author

deivid-rodriguez commented Sep 6, 2022

Thank you for your reviews, let's do this!

@deivid-rodriguez deivid-rodriguez merged commit 18e9b0d into main Sep 6, 2022
@deivid-rodriguez deivid-rodriguez deleted the deivid-rodriguez/actions-downgraded branch September 6, 2022 17:59
@mctofu mctofu mentioned this pull request Sep 6, 2022
Merged
@bradenhilton bradenhilton mentioned this pull request Nov 1, 2022
Closed
1 task
This was referenced Nov 4, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pavera pavera pavera approved these changes

+1 more reviewer

@landongrindheim landongrindheim landongrindheim approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Suggested bump is actually a downgrade

3 participants

@deivid-rodriguez @pavera @landongrindheim