AO3-6410 Re-enable dependabot for Github Actions workflow updates.#4388
Merged
sarken merged 2 commits intootwcode:masterfrom Nov 18, 2022
Merged
Conversation
github-actions
bot
added
Scope: Tests Only
sarken
approved these changes
Nov 18, 2022
Collaborator
sarken
left a comment
sarken
left a comment
There was a problem hiding this comment.
Oh, yay, I wasn't expecting that to get fixed so soon! I think we're good without bumping anything's version number down to test.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue
https://otwarchive.atlassian.net/browse/AO3-6410
Purpose
.github/dependabot.ymlfile originally created in AO3-6410 Let dependabot update workflow actions. #4359 and then removed again in AO3-6410 Revert "AO3-6410 Let dependabot update workflow actions." #4368. We had to remove it because it was submitting PRs to all forks with no way to disable it, but that behavior has since been fixed.actions/cacheversion number to bev3instead ofv3.0.11. In Github Actions, the convention is to have the major version numbers likev3be updated every time a minorv3.x.yversion is released. This means that by setting your version number to a major version, you automatically get rolling updates, and don't have to spend as much time updating things. We originally were using major version updates for everything, but when we temporarily enabled dependabot back in October, the dependabot pull request AO3-6411 Bump actions/cache from 2 to 3.0.11 #4364 changed the version number from major to minor. This was a bug, and has since been fixed, but I wanted to make sure we weren't permanently stuck on minor versions.Testing Instructions
I'm not sure whether the workflows actually need updates at this point, so this might be difficult to test. Is it enough that we know it worked the first time around? Or should I deliberately lower the version number of one of the actions to test it?