Have Renovate file GitHub CodeQL upgrade PRs once every four weeks #745

Merged
merged 2 commits into from
Aug 15, 2023

rickie
Member

@rickie rickie commented Aug 7, 2023

As discussed here.

@rickie rickie added the chore A task not related to code (build, formatting, process, ...) label Aug 7, 2023
@rickie rickie added this to the 0.13.0 milestone Aug 7, 2023
@rickie rickie mentioned this pull request Aug 7, 2023
1 task
Contributor

@mohamedsamehsalah mohamedsamehsalah left a comment

Member

@Stephan202 Stephan202 left a comment

The suggested commit message should also mention setup-ruby? 🤔

LGTM otherwise!

.renovaterc.json Outdated
Comment on lines 15 to 18
"matchDepNames": ["github/codeql-action"],
"matchPackagePatterns": [
"^ruby\\/setup-ruby$"
],
Member

Two questions:

  1. These rules are disjunctive (either, but not both, need to match)?
  2. Since ruby/setup-ruby is also a GitHub action, can it also be specified using matchDepNames (or, if we want to consistently keep using matchPackagePatterns, can github/codeql-action be also expressed as such)?

Member Author

  1. Yes; for example, it opened the CodeQL PR while the PSM is already up-to-date (in my local testing setup).
  2. I see there is no entry for Ruby yet in our config, so I can file a PR there to add it.

(I was wondering why we didn't get any updates, but we are still on the latest: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby).

Member Author

Verified with local testing that the depName is ruby/setup-ruby 😄.

Added a commit to use the deps in a similar way.

@rickie
Member Author

rickie commented Aug 15, 2023

Suggested commit message:

Have Renovate file GitHub CodeQL upgrade PRs once every four weeks (#745)

While there, match on the `depName` of `ruby/setup-ruby`. 

@rickie rickie force-pushed the rossendrijver/codeql-schedule branch from 9b2b64f to 47e4bde Compare August 15, 2023 08:50
@rickie rickie requested a review from Stephan202 August 15, 2023 08:50
@github-actions

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

Member

@Stephan202 Stephan202 left a comment

Nice!

@rickie rickie force-pushed the rossendrijver/codeql-schedule branch from 47e4bde to 354317d Compare August 15, 2023 11:41
@rickie
Member Author

rickie commented Aug 15, 2023

Rebased, will merge once 🍏!

@sonarcloud

sonarcloud bot commented Aug 15, 2023

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
No Duplication information

@github-actions

Looks good. No mutations were possible for these changes.
Mutation testing report by Pitest. Review any surviving mutants by inspecting the line comments under Files changed.

@rickie rickie merged commit d758fab into master Aug 15, 2023
17 checks passed
@rickie rickie deleted the rossendrijver/codeql-schedule branch August 15, 2023 12:08
3 participants