build(deps): bump actions/download-artifact from 3.0.0 to 3.0.1 #820
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
kind/enhancement
dependabot
bot
requested review from
nbusseneau
and removed request for
a team
maintainer-s-little-helper
bot
added
dont-merge/needs-release-note-label
dependabot
bot
requested review from
michi-covalent
and removed request for
a team
|
CI build failure seems unrelated to the patch: % docker run -it --rm docker.io/library/golang:1.19.3-alpine3.16 /bin/grep :123: /etc/group
ntp:x:123:According to some recent sources, the GitHub action runner gid should be 121 so that could explain why we didn't hit this issue previously, but here it's 123 (for this run at least). See #751 for more context about why we need to map the uid/gid inside the docker container building the release. Should we write a script running addgroup/adduser conditionally (i.e. when the gid respectively doesn't already exists)? cc @gandro |
We'd also need to run the command with the release gid. In the end, trying to reuse the host uid/gid is a bit fragile. Maybe we could use some form user-mapping instead? |
|
in tetragon repo we ended up doing cilium/tetragon#557 |
Not sure I understand this: If you assign a random uid/gid to the release user, it won't match the uid/gid of the user invoking the Makefile. I guess it fixes the issue where git complains that it's running as root, but it won't fix the issue where the Makefile caller won't be the owner of the generated release artifacts. |
|
@dependabot rebase |
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@fb598a6...9782bd6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/actions/download-artifact-3.0.1
branch
from
3e0a9ca
to
fad3025
Compare
|
Addressed the failing workflow in #821 |
gandro
deleted the
dependabot/github_actions/actions/download-artifact-3.0.1
branch
@gandro yap, I think we need to use |
Bumps actions/download-artifact from 3.0.0 to 3.0.1.
Release notes
Sourced from actions/download-artifact's releases.
Commits
9782bd6Update@actions/coreto 1.10.0 (#178)076f0f7Merge pull request #156 from actions/dependabot/npm_and_yarn/ansi-regex-4.1.17151be3Bump ansi-regex from 4.1.0 to 4.1.151cbdc4Merge pull request #152 from actions/dependabot/npm_and_yarn/minimist-1.2.6e89a529Bump minimist from 1.2.5 to 1.2.6You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)