GitHub Actions version pinning dropped #7971

Closed
1 task done
na-jakobs opened this issue Sep 5, 2023 · 5 comments · Fixed by #8068
Labels
T: bug 🐞 Something isn't working

Comments

@na-jakobs

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

github-actions

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

Updated dependency

No response

What you expected to see, versus what you actually saw

Expected to see an update to the latest sha along with an update to the comment.

Removed:

steps:
   - name: Checkout repo
     uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

Added:

steps:
   - name: Checkout repo
     uses: actions/checkout@v4 # v3.5.2

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

[image: dependabot-removing-sha]

Smallest manifest that reproduces the issue

No response

@na-jakobs na-jakobs added the T: bug 🐞 Something isn't working label Sep 5, 2023
@RazerM

RazerM commented Sep 5, 2023

I have the same issue in https://github.com/getlogbook/logbook/pull/356/files

@yeikel
Contributor

yeikel commented Sep 6, 2023

> I have the same issue in https://github.com/getlogbook/logbook/pull/356/files

Your issue seems to be a valid duplicate of this #7966

In particular, the reason seems to be this: #7966 (comment)

@na-jakobs Can you share a link to your pull request/manifest? If sharing the pull request is not possible because it is a private repository, please share the patch instead.

I am trying to see if the symptoms are the same as the pull request shared above. If so, we can probably close this as duplicate and upvote the other

@RazerM

RazerM commented Sep 6, 2023

@yeikel I'm referring to this file, which dependabot is bumping a commit hash to a tag: https://github.com/getlogbook/logbook/pull/356/files#diff-ab7cd36ad831c30099773459b80595fd3b72612f333f6a2f4e11c2606176999f

@yeikel
Contributor

yeikel commented Sep 6, 2023

> @yeikel I'm referring to this file, which dependabot is bumping a commit hash to a tag: https://github.com/getlogbook/logbook/pull/356/files#diff-ab7cd36ad831c30099773459b80595fd3b72612f333f6a2f4e11c2606176999f

Yep, your issue seems to be the same as #7966 where due to you having a mix of formats, dependabot incorrectly uses one of the formats as opposed to respecting them

See this comment for an explanation #7966 (comment)

@deivid-rodriguez
Contributor

This will get fixed by #8068!
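
A check that catches the regression reported in this issue, as an added example that is not part of the original thread or of Dependabot's own code: it finds `uses:` references that are not a full 40-character commit SHA and compares a before/after pair of workflow text to report dropped pins. The function names are hypothetical, and the sample input is the Removed/Added snippets from the report above.

```python
import re
from collections import Counter

# `uses: owner/repo[/path]@ref  # optional comment`, optionally as a list item.
USES_RE = re.compile(
    r"""^\s*(?:-\s+)?uses:\s*["']?(?P<action>[^@\s"']+)@(?P<ref>[^\s"'#]+)["']?"""
    r"""(?:\s+#\s*(?P<comment>\S.*?))?\s*$"""
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def parse_uses(text):
    """Yield (line_no, action, ref, comment) for each remote action reference."""
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        # Local (./path) references have no '@'; docker:// images are out of scope.
        if m and not m["action"].startswith("docker://"):
            yield line_no, m["action"], m["ref"], m["comment"]


def unpinned(text):
    """References whose ref is a tag or branch instead of a full commit SHA."""
    return [u for u in parse_uses(text) if not FULL_SHA_RE.fullmatch(u[2])]


def pinned_counts(text):
    """Number of SHA-pinned references per action."""
    return Counter(a for _, a, r, _ in parse_uses(text) if FULL_SHA_RE.fullmatch(r))


def pin_regressions(before, after):
    """Actions with fewer SHA-pinned references in `after` than in `before`.
    Counting per action copes with files that mix tag and SHA formats; a step
    that was deleted outright is also reported and needs a manual look."""
    b, a = pinned_counts(before), pinned_counts(after)
    return sorted(action for action in b if a[action] < b[action])


# The two snippets from the issue report.
BEFORE = """steps:
   - name: Checkout repo
     uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
"""
AFTER = """steps:
   - name: Checkout repo
     uses: actions/checkout@v4 # v3.5.2
"""

if __name__ == "__main__":
    for action in pin_regressions(BEFORE, AFTER):
        print(f"pin dropped: {action}")
    for n, action, ref, comment in unpinned(AFTER):
        print(f"line {n}: {action}@{ref} is not a commit SHA (comment: {comment!r})")
```

Run against the base and head versions of each workflow file in an update pull request, a non-empty `pin_regressions` result is a reason to hold the merge.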
