Skip to content

fix: update matchPackageNames to exclude 'github' actions#43

Merged
lumirlumir merged 2 commits intomainfrom
fix/ignore-github-actions
Dec 19, 2025
Merged

fix: update matchPackageNames to exclude 'github' actions#43
lumirlumir merged 2 commits intomainfrom
fix/ignore-github-actions

Conversation

@aladdin-add
Copy link
Member

@aladdin-add aladdin-add commented Dec 16, 2025

refs: eslint/eslint#20397 (comment)
This pull request makes a small update to the Renovate configuration for GitHub Actions dependencies. The change expands the exclusion pattern in the matchPackageNames field to also exclude github/** packages, not just actions/**.

  • .github/renovate/base.json5: Updated the matchPackageNames pattern to exclude both actions/** and github/** when applying the deps:actions label for GitHub Actions dependencies.

Prerequisites checklist

What is the purpose of this pull request?

What changes did you make? (Give an overview)

Related Issues

Is there anything you'd like reviewers to focus on?

@eslint-github-bot eslint-github-bot bot added the bug Something isn't working label Dec 16, 2025
@eslintbot eslintbot added this to Triage Dec 16, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in Triage Dec 16, 2025
@aladdin-add
Copy link
Member Author

aladdin-add commented Dec 16, 2025

should we also exclude "googleapis/*" - i think it's well-trusted too.

@aladdin-add aladdin-add moved this from Needs Triage to Implementing in Triage Dec 16, 2025
@aladdin-add aladdin-add marked this pull request as ready for review December 16, 2025 08:22
Copilot AI review requested due to automatic review settings December 16, 2025 08:22
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Renovate configuration to exclude both actions/** and github/** packages from having their GitHub Actions pinned to commit digests. This ensures that first-party GitHub Actions (from both the actions and github namespaces) remain unpinned, while third-party actions continue to be pinned for security purposes.

Key Changes

  • Expanded the exclusion pattern in the "Pin 3rd-party actions" rule to include both actions/** and github/** namespaces

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@lumirlumir
Copy link
Member

lumirlumir commented Dec 16, 2025
edited
Loading

should we also exclude "googleapis/*" - i think it's well-trusted too.

Personally, I'm also +1 on excluding it. They're Google-owned actions, so I think that's fine.

But, if the TSC has a moment to review it, another confirmation would be helpful. @eslint/eslint-tsc

@lumirlumir lumirlumir moved this from Implementing to Feedback Needed in Triage Dec 16, 2025
lumirlumir
lumirlumir approved these changes Dec 19, 2025
View reviewed changes
Copy link
Member

@lumirlumir lumirlumir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Since eslint/js#712 (comment) and the related PRs for the release-please version pinning have been merged, I'm merging this now to align with them.

should we also exclude "googleapis/*" - i think it's well-trusted too.

If it really matters, I think we can start to discuss it in a separate issue :)

@lumirlumir lumirlumir added the accepted There is consensus among the team that this change meets the criteria for inclusion label Dec 19, 2025
@lumirlumir lumirlumir merged commit 53ff57a into main Dec 19, 2025
9 checks passed
@github-project-automation github-project-automation bot moved this from Feedback Needed to Complete in Triage Dec 19, 2025
@lumirlumir lumirlumir deleted the fix/ignore-github-actions branch December 19, 2025 08:48
@lumirlumir lumirlumir mentioned this pull request Dec 19, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lumirlumir lumirlumir lumirlumir approved these changes

Assignees

No one assigned

Labels

accepted There is consensus among the team that this change meets the criteria for inclusion bug Something isn't working

Projects

Triage
Status: Complete

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aladdin-add @lumirlumir