chore: allow actions-toolkit to bypass yarn age gate #314

Merged
crazy-max merged 1 commit into docker:master from crazy-max:fix-yarn-preapprove-actions-toolkit
Jul 1, 2026

@crazy-max

Member

relates to https://github.com/docker/setup-qemu-action/actions/runs/28505028156/job/84491274379#step:3:993

This change lets @docker/actions-toolkit bypass Yarn's npmMinimalAgeGate while keeping the two-day age gate for all other npm packages.

The Yarn config now lists @docker/actions-toolkit under npmPreapprovedPackages, which tells Yarn to exempt that package from the minimum release age check: https://yarnpkg.com/configuration/yarnrc#npmPreapprovedPackages

Dependabot already excludes this internal package from its cooldown, but Yarn still quarantined fresh releases during resolution. Preapproving only this package keeps the broader supply-chain delay intact without blocking internal toolkit updates.

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Comment thread .yarnrc.yml
Comment on lines +17 to +18
npmPreapprovedPackages:
- "@docker/actions-toolkit"
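Review bot: the new `npmPreapprovedPackages` entry at lines +17 to +18 carries no comment, so nothing in `.yarnrc.yml` records that this exemption is meant to mirror the Dependabot cooldown `exclude` for the same package. A one-line comment above the key pointing at the Dependabot config would help keep the two lists from drifting apart. The entry names one exact package rather than a scope-wide pattern, which keeps the exemption narrow, but it also means a freshly published release of that package is resolved with no age delay.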

Member

Would it make sense to have a comment here to describe the motivation, or do you think git blame is enough?

Member Author

git blame looks enough to me, especially since we have the same exclusion in dependabot conf

exclude:
- "@docker/actions-toolkit"

@thaJeztah left a comment

Member

LGTM
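
The two exemption lists discussed in this thread (Yarn's `npmPreapprovedPackages` and Dependabot's cooldown `exclude`) can be compared mechanically in CI. The following is an added example, not code from the docker repository: `listUnderKey` and `checkAgeGateExemptions` are hypothetical helpers, both sample configs are constructed, and the Dependabot `cooldown` layout around `exclude:` is assumed because the page shows only the list itself.

```javascript
// Added example (not code from the docker repository); sample configs are constructed.

// Collect the items of every block-style YAML list that sits under `key`.
// Deliberately narrow: it understands only "key:" followed by "- item" lines.
function listUnderKey(yamlText, key) {
  const items = [];
  let inList = false;
  let keyIndent = 0;
  for (const line of yamlText.split(/\r?\n/)) {
    if (/^\s*(#.*)?$/.test(line)) continue; // blank line or comment
    const indent = line.search(/\S/);
    const text = line.trim();
    const item = /^-\s+["']?([^"'\s#]+)["']?\s*(#.*)?$/.exec(text);
    if (inList && item && indent >= keyIndent) {
      items.push(item[1]);
      continue;
    }
    inList = text === `${key}:`; // any other line ends the list or starts a new one
    keyIndent = indent;
  }
  return items;
}

// Compare Yarn's age-gate exemptions with Dependabot's cooldown exclusions.
function checkAgeGateExemptions(yarnrc, dependabot) {
  const yarn = listUnderKey(yarnrc, "npmPreapprovedPackages");
  const bot = listUnderKey(dependabot, "exclude");
  const findings = [];
  for (const name of yarn) {
    // Assumption: glob characters make an entry cover more than one package.
    if (/[*?{}[\]]/.test(name)) findings.push(`pattern widens the exemption: ${name}`);
    if (!bot.includes(name)) findings.push(`exempt in Yarn only: ${name}`);
  }
  for (const name of bot) {
    if (!yarn.includes(name)) findings.push(`exempt in Dependabot only: ${name}`);
  }
  return findings;
}

// Constructed fragments; only the two package lists mirror what the page shows.
const SAMPLE_YARNRC = `npmPreapprovedPackages:
  - "@docker/actions-toolkit"
`;
const SAMPLE_DEPENDABOT = `version: 2
updates:
  - package-ecosystem: "npm"
    cooldown:
      default-days: 2
      exclude:
        - "@docker/actions-toolkit"
`;
console.log(checkAgeGateExemptions(SAMPLE_YARNRC, SAMPLE_DEPENDABOT));
```

Run against an empty Yarn config and the sample Dependabot config, the check reports the package as exempt in Dependabot only, which is the state this pull request addresses.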
