Update version comments for SHA-pinned GitHub Actions#1
Closed
3c9fb06 to 1c6c9da
hmcginnis reviewed Oct 21, 2022
These are mostly style suggestions. But the next weirds me out. The if style might satisfy what you expect.
You could use updated_content.gsub! instead of updated_content = updated_content.gsub. The ! mutates the original updated_content.
Something like this might also work:

```ruby
s.gsub!(old_declaration, new_declaration)
if (comment = Regexp.last_match(:comment))
  if (updated_comment = updated_version_comment(comment, new_req))
    s.gsub!(comment, updated_comment)
  end
end
```
Owner
Author
I got this suggestion working and I like it much better. Thanks!
56737a2 to 5b57517
GitHub encourages pinning third-party GitHub Actions to a full
length commit SHA. It's common for actions pinned by commit SHA
to include a comment specifying the version associated with the
commit. For example:
- uses: actions/checkout@01aecc # v2.1.0
This change updates the GitHub Actions manager to bump versions
in comments that follow SHA-pinned actions, so the comment stays
up-to-date with the SHA being updated.
The file_updater now searches the comment string for all references
to the previous version and replaces them with the new version. To
avoid changing unrelated comments, the comment updater only
updates dependencies that pin SHA refs.
5b57517 to 96b107c
Owner
Author
Moved to dependabot#5951 🎉
GitHub advocates pinning third-party GitHub Actions to a full length commit SHA. In practice, it's common for actions pinned by commit SHA to include a comment which includes the version associated with the commit. For example:
This change updates the GitHub Actions manager to bump versions in comments that follow SHA-pinned actions, so the comment stays up-to-date with the SHA being updated.
The file_updater now searches the comment string for all references to the previous version and replaces them with the new version. To avoid changing unrelated comments, the comment updater only updates dependencies that pin SHA refs.
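
The behaviour described above, as an added Ruby sketch that is not dependabot-core's code: `bump_pinned_action`, its parameters, and the sample workflow with its placeholder SHAs are assumptions made for illustration. It replaces every reference to the old version in the trailing comment, and only when the ref being replaced is a full-length commit SHA, so the comment on a tag-pinned step is left alone.

```ruby
# Added illustration; not dependabot-core's implementation. Names are hypothetical.
FULL_SHA = /\A[0-9a-f]{40}\z/
OLD_SHA = "1" * 40 # constructed placeholder commit SHAs
NEW_SHA = "2" * 40

# Constructed sample workflow: one SHA-pinned step, one tag-pinned step.
SAMPLE = <<~YAML
  steps:
    - uses: actions/checkout@#{OLD_SHA} # v2.1.0 (tag v2.1.0)
    - uses: actions/checkout@v2.1.0 # keep v2.1.0 until tested
YAML

# Swaps old_ref for new_ref on matching `uses:` lines. The trailing comment is
# rewritten only when old_ref is a full-length commit SHA.
def bump_pinned_action(workflow, action:, old_ref:, new_ref:, old_version:, new_version:)
  # The ref must be followed by optional whitespace, an optional comment, then
  # end of line, so a longer ref such as "v2.1.0-beta" is never matched.
  declaration = /(?<prefix>uses:\s+#{Regexp.escape(action)}@)#{Regexp.escape(old_ref)}(?<comment>[ \t]*(?:\#.*)?)$/
  # Whole-version match: skips "12.1.0" and "2.1.0.1" when looking for "2.1.0".
  version = /(?<![\w.])v?#{Regexp.escape(old_version)}(?!\.?\w)/

  workflow.gsub(declaration) do
    match = Regexp.last_match
    comment = match[:comment]
    if old_ref.match?(FULL_SHA)
      # Keep the "v" prefix wherever the original comment used one.
      comment = comment.gsub(version) do |found|
        found.start_with?("v") ? "v#{new_version}" : new_version
      end
    end
    "#{match[:prefix]}#{new_ref}#{comment}"
  end
end

# SHA-pinned bump: both version references in the comment follow the new SHA.
puts bump_pinned_action(SAMPLE, action: "actions/checkout", old_ref: OLD_SHA,
                        new_ref: NEW_SHA, old_version: "2.1.0", new_version: "2.2.0")
# Tag-pinned bump: the ref changes, the unrelated comment does not.
puts bump_pinned_action(SAMPLE, action: "actions/checkout", old_ref: "v2.1.0",
                        new_ref: "v2.2.0", old_version: "2.1.0", new_version: "2.2.0")
```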