Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dex tagging on master branch to support dependabot #2880

Closed
2 tasks done
janisz opened this issue Mar 31, 2023 · 4 comments
Closed
2 tasks done

Dex tagging on master branch to support dependabot #2880

janisz opened this issue Mar 31, 2023 · 4 comments

Comments

@janisz
Copy link

janisz commented Mar 31, 2023

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Dependabot does not works with dex. The last version it recognizes is 2.13.1 and incorectly tries to downgrade to it.

Proposed Solution

Tag on the main branch as described in dependabot/dependabot-core#6947 (comment)

Alternatives Considered

No response

Additional Information
@sagikazarmark
Copy link
Member

New minor versions are tagged from the main branch, patch versions are tagged from release branches, but I'm not sure I understand the problem with that.

Also, Dex is not supposed to be imported as a module under normal circumstances. Can I ask what your use case is for doing so?

@janisz
Copy link
Author

janisz commented Mar 31, 2023

We are using just open shift connector as a lib.
https://sourcegraph.com/search?q=context:global+repo:%5Egithub%5C.com/stackrox/stackrox%24+dexidp&patternType=standard&sm=1&groupBy=path

@sagikazarmark
Copy link
Member

Looking at this again: I believe the explanation given in the linked issue is wrong.

Most tags are indeed on the main branch (except maybe some patch versions that contain backported fixes)

The pseudo version is the result of the fact the Dex module does not have a /v2 segment as required by Go modules. It was a decision made early that we can't change at this point. If Dex ever sees a version 3, we are going to fix it.

Again, Dex is not really supposed to be imported as a library, so it's not really prepared for this use case.

@sagikazarmark
Copy link
Member

I'm gonna close this issue for now as there isn't anything we can do at the moment.

@sagikazarmark sagikazarmark closed this as not planned Won't fix, can't repro, duplicate, stale Apr 23, 2023
This was referenced Nov 24, 2023
Closed
Closed
Merged
IvoGoman added a commit to cloudoperators/greenhouse that referenced this issue Apr 29, 2024
@IvoGoman
fix(renovate): ignore dexidp since go mod version not supported
42a9323 
Dex versions are not compatible with Go nor dependabot. See: dexidp/dex#2880
@IvoGoman IvoGoman mentioned this issue Apr 29, 2024
Merged
IvoGoman added a commit to cloudoperators/greenhouse that referenced this issue Apr 29, 2024
@IvoGoman
fix(renovate): ignore dexidp since go mod version not supported (#179)
241d0e8 
Dex versions are not compatible with Go nor dependabot. See: dexidp/dex#2880
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sagikazarmark @janisz