Build: Bump actions/checkout from 2 to 3 #2799
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
dependencies
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/actions/checkout-3
branch
from
3bc20fd
to
1d75928
Compare
|
after a second review, I'd like to see how the dependabot merge command is different to a normal click on the merge button. |
|
@dependabot merge |
dependabot
bot
deleted the
dependabot/github_actions/actions/checkout-3
branch
|
Probably it's just the merger who changes. |
|
And it seems like it changes the context for CI runs -- looks like the dependabot-triggered action lacks access to the secrets required for the dependencies bump check? https://github.com/jamulussoftware/jamulus/runs/7960101624?check_suite_focus=true#step:2:53 |
|
The regular merge of the other PR did not have this issue. So I guess we should go with regular merges. |
|
For PRs, this is documented behavior, btw. Might be similar for the merges then.
|
hoffie
changed the title
Bumps actions/checkout from 2 to 3.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
2541b12Prepare changelog for v3.0.2. (#777)0ffe6f9Add set-safe-directory input to allow customers to take control. (#770)dcd71f6Enforce safe directory (#762)add3486Patch to fix the dependbot alert. (#744)5126516Bump minimist from 1.2.5 to 1.2.6 (#741)d50f8eaAdd v3.0 release information to changelog (#740)2d1c119update test workflows to checkout v3 (#709)a12a394update readme for v3 (#708)8f9e05eUpdate to node 16 (#689)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)