Bump @actions/core from v1.9.1 to v1.10.0
#101
Conversation
(ordering of dependencies happened automatically when running the `npm install` command.)
|
@zricethezav do we have any plan to have this merge and release? CC: @ericcornelissen |
|
I will ping @weineran that I think can help us with that as well. Thank you for the contribution @ericcornelissen. |
|
Hi everyone, sorry for the delay on this one. @ericcornelissen Thanks for your contribution. The reason for the delay is that this is the first PR we've received from the community since we released v2 under a commercial license. That means we had to be a little thoughtful about the legal implications of accepting community contributions. And thinking about legal matters isn't much fun so we procrastinated... Anyway, we're hoping to provide some clarity on the path forward for community contributions later today or tomorrow, so stay tuned! |
|
@ericcornelissen We just posted our contributing guidelines including a section called "Legal": https://github.com/gitleaks/gitleaks-action/blob/master/CONTRIBUTING.md#legal Can you take a look and let us know if you're OK with that? If you have any questions/concerns, let us know. |
|
Actually, here is a link to that file on the current commit, so this link will be static: https://github.com/gitleaks/gitleaks-action/blob/646a318983bffac15b4946496d999f7a99ae354c/CONTRIBUTING.md |
I'm okay with that. I updated my branch so that the legal text you linked to is also present on my branch as a way of re-enforcing that. |
|
I'm wondering if it's necessary to build the action as well. I noticed that a few previous PR bumping dependencies also have the |
Yes indeed, @ericcornelissen can you try to build the dist per the new instructions in the quickstart section here? Or if you'd rather hand this off to me, that's fine too. Let me know! |
Should be done with 4d1c233
I managed, but I think the instructions can be improved. Following those steps won't always work because I'd be happy to provide more feedback/help improve the instructions in a separate thread from this 🙂 |
Yeah, sorry for the sparse instructions :/ Glad you were able to push through and get it to work.
Yes, feedback/help is always welcome! |
|
Noticing the checks are failing b/c they're not picking up the GITLEAKS_LICENSE secret that's stored in our organization. I need to look into that before I merge this although it's very likely unrelated... |
Note that secrets are not available when running in the context of a fork. Per the documentation for "Encrypted secrets":
You can also see this from the workflow logs. For a successful run it looks like: whereas for a failed run of this Pull Request it looks like: |
|
Makes sense. Thanks for the pointer to the docs. I've created a new branch |
No problem 😄
Done 👍 |
|
✅ Merged to master here: #103 |
|
✅ After releasing Thanks @ericcornelissen ! |
Closes #100 by upgrading
@actions/coreto the latest version. Per the v1.10.0 release notes of@actions/core:Notes:
dist/directory should be updated as part of this Pull Request or not. If yes, I'm not quite sure how to do that as there's no npm script (or similar) for it as far as I'm aware... Feel free to push a commit to updatedist/if that's required 🙂@actions/corepinned (i.e. without leading^) even though it's the only dependency that's pinned. I wasn't sure this is intended so I just kept it like it was.npm installcommand. Happy to revert that change if desired, but I believe it makes more sense to keep it this way as anyone runningnpm installwill run into this change.