Skip to content

chore: update tj actions #3063

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
blva wants to merge 1 commit into from
Closed

chore: update tj actions #3063

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/autoupdate-sdk.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
run: echo "VERSION=$(curl -sSfL -X GET https://api.github.com/repos/mongodb/atlas-sdk-go/releases/latest | jq -r '.tag_name')" >> "$GITHUB_OUTPUT"
- run: make update-atlas-sdk
- name: Verify Changed files
uses: tj-actions/verify-changed-files@11ea2b36f98609331b8dc9c5ad9071ee317c6d28
uses: tj-actions/verify-changed-files@v20
Copy link
Contributor

@gssbzn gssbzn Jun 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please use the sha? or you can leave it until tuesday and dependabot will create a PR

Copy link
Collaborator Author

@blva blva Jun 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can I merge like this so snyk understand we're using a version > 17?

Copy link
Collaborator Author

@blva blva Jun 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also, can we keep a pinned version?

dependabot complains:

Dependabot can't update vulnerable dependencies without a pinned version
The currently installed version can't be determined.

To resolve the issue pin the version to a specific release in your manifest file.

Copy link
Contributor

@gssbzn gssbzn Jun 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there's a request from security to keep 3rd party Gh actions (not mantained by GH) using shas instead of pinned version

Copy link
Collaborator Author

@blva blva Jun 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, i'll close this then! as it would come up again after we fix the issue.

id: verify-changed-files
with:
files: |
Expand Down