Skip to content

Update actions version comments#971

Merged
vy merged 1 commit intoapache:release-2.xfrom
marcwrobel:fix-actions-versions
Jul 25, 2022
Merged

Update actions version comments#971
vy merged 1 commit intoapache:release-2.xfrom
marcwrobel:fix-actions-versions

Conversation

@marcwrobel
Copy link
Copy Markdown
Contributor

@marcwrobel marcwrobel commented Jul 21, 2022

@vy vy merged commit bcf34fe into apache:release-2.x Jul 25, 2022
@vy
Copy link
Copy Markdown
Member

vy commented Jul 25, 2022

@marcwrobel, thanks so much for the explanation and fixes, much appreciated! 🙏

It is pretty fragile to manually manage these comments ourselves, yet having commit hashes is a security best-practice. Do you know of a way to make dependabot take care of this for us?

@marcwrobel marcwrobel deleted the fix-actions-versions branch July 25, 2022 19:44
@marcwrobel
Copy link
Copy Markdown
Contributor Author

marcwrobel commented Jul 25, 2022

@vy, unfortunately I don't. I have to amend dependabot PR each time there is a version upgrade.

@marcwrobel
Copy link
Copy Markdown
Contributor Author

marcwrobel commented Nov 13, 2022

@vy, FYI https://github.blog/changelog/2022-10-31-dependabot-now-updates-comments-in-github-actions-workflows-referencing-action-versions/.

This was referenced Dec 19, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marcwrobel @vy