Consider precision when finding latest action #6102
c40710d to 249cefe
jurre left a comment
This makes sense to me, thanks!
For the record, I decided to unstack this one and get it ready before the one about security update support for Actions, because having this one in place should help us define the expected behavior for all edge cases when providing security updates for Actions.
This can raise an exception if the name doesn't match VERSION_REGEX. Would it make sense to use safe navigation here to return nil if the name doesn't match?
Suggested change (current line, then proposed replacement):
name.match(VERSION_REGEX).named_captures.fetch("version")
name.match(VERSION_REGEX)&.named_captures&.fetch("version")
Looking at the call sites, you may need to chain additional calls to compact to handle any returned nil values.
This is just an extraction of currently existing duplicated logic. I'm not sure if this can be actually fed names that don't match or if they are validated further up the stack.
My empirical approach would be that the check is not needed, since I don't think I have seen that error in the wild or reports pointing to it. But in any case it seems unrelated to this PR, since the aggressive code is already there, no?
Further thinking about this, while I extracted existing instances of this logic to a method, I am indeed adding a new call site, so it's worth checking whether the case you mentioned can happen and adding defensive code if yes. I will check this in more detail later 👍.
Actually, all these helpers deal with "version tags" (the allowed_version_tags method specifically), which are essentially git tags that look like versions, i.e., have been filtered through this method:
On further iterations I will try to make this more clear, but I think this code is safe as is 👍.
@mattt I'll merge this now based on my above comments, but if you still think there's something to address I'll open a followup PR!
249cefe to fbfca13
For consistency with the `local_tags_for_latest_version_commit_sha` method.
fbfca13 to 1c7d9ca
If the major tag of an action does not point to the latest patch tag, Dependabot is not able to propose major updates. However, there's no reason why it should not propose an update to a higher major, even if it does not point to the latest patch level in that major series.
This is currently the case of the actions/cache action, and I think it was unintended, but I could imagine action authors doing this intentionally to get patch level versions tested in the wild before they move the major tag.

This is stacked on top of #6052 and #6071 because it updates the same area of the code. Will unstack those later.
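As an added illustration, not Dependabot's own code, the Ruby below puts together the two points raised on this PR: the review thread's concern that `name.match(VERSION_REGEX).named_captures` raises on a tag that is not a version (and the safe-navigation plus `compact` remedy, alongside the author's point that `allowed_version_tags` already filters such names out), and the description's point that the latest tag should be chosen among tags of the same precision as the current reference, so a `v2` reference can be offered `v3` even when the `v3` major tag lags behind the newest patch. The `VERSION_REGEX` value, the method names and the tag list are constructed stand-ins, not the project's definitions.

```ruby
require "rubygems" # Gem::Version gives proper ordering of "3.10" vs "3.9"

# Constructed stand-in for the project's VERSION_REGEX: "v3", "3.2.1", "v3.2.1" all match.
VERSION_REGEX = /\Av?(?<version>\d+(?:\.\d+)*)\z/

# Unguarded extraction, as in the line under review: `match` returns nil for a
# non-matching name, and nil has no `named_captures`, so this raises NoMethodError.
def version_from_tag_unsafe(name)
  name.match(VERSION_REGEX).named_captures.fetch("version")
end

# The reviewer's suggestion: safe navigation turns a non-match into nil.
def version_from_tag(name)
  name.match(VERSION_REGEX)&.named_captures&.fetch("version")
end

# The author's point: downstream helpers only see tags that passed this filter,
# so they never receive a name for which `version_from_tag` would return nil.
def allowed_version_tags(tags)
  tags.select { |tag| tag.match?(VERSION_REGEX) }
end

# A call site fed arbitrary tag names needs `compact` to drop the nils.
def versions_from_tags(tags)
  tags.map { |tag| version_from_tag(tag) }.compact
end

# Precision of a version tag: number of components ("v3" => 1, "v3.2.1" => 3).
# Returns nil for names that are not version tags.
def precision(tag)
  version_from_tag(tag)&.split(".")&.length
end

# Latest tag among those with the same precision as the current reference.
# Comparing by version rather than by the commit a tag points to means a
# "v2" reference is offered "v3" even when the "v3" tag is behind "v3.2.1".
def latest_tag_at_precision(tags, current_tag)
  wanted = precision(current_tag)
  return nil if wanted.nil?

  allowed_version_tags(tags)
    .select { |tag| precision(tag) == wanted }
    .max_by { |tag| Gem::Version.new(version_from_tag(tag)) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed tag list: the major tag "v3" exists alongside newer patch tags.
  tags = %w[v2 v2.1.0 v3 v3.2.0 v3.2.1 main]
  puts latest_tag_at_precision(tags, "v2")     # v3
  puts latest_tag_at_precision(tags, "v3.2.0") # v3.2.1
  p versions_from_tags(tags)                   # ["2", "2.1.0", "3", "3.2.0", "3.2.1"]
end
```

The precision helper is what makes the "major tag lags behind the latest patch" case harmless: candidates are compared by their version strings within one precision level, so whether the `v3` tag currently points at the `v3.2.1` commit never enters the decision.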