New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: update github actions #44177
ci: update github actions #44177
Conversation
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
@@ -0,0 +1,9 @@ | |||
version: 2 | |||
updates: | |||
- package-ecosystem: "github-actions" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this enable dependabot on the repo? (not a huge fan of having it running, also because it will start to open pull requests in 18.300 forks).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah if 18k forks rebase this would happen 🤷♂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ref dependabot/dependabot-core#2804 for the tracking of this issue as well as opencontainers/runc#3127 for this same issue in runc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could use renovate instead: https://docs.renovatebot.com/modules/manager/github-actions/
with: | ||
targets: cross | ||
env: | ||
DOCKER_CROSSPLATFORMS: ${{ matrix.platform }} | ||
- | ||
name: Upload artifacts | ||
uses: actions/upload-artifact@v2 | ||
uses: actions/upload-artifact@v3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@neersighted Maybe pick that change to #44444? v3.1.1 fixes the set-output
warning: https://github.com/actions/upload-artifact/releases/tag/v3.1.1
One concern I still have about use of Dependabot is the fact that each bump is a separate PR; this creates a large burden for backports to stable branches (as in general we will want to actively maintain our CI on all branches/keep it as aligned as is practical). Renovate supports batched updates that could help reduce the noise/burden; but I do see the appeal of Dependabot given it is simpler/easier to learn and GitHub-native. We could consider something like tibdex/backport as a way of making (trivial) backports less of a burden in general (I have used it in another busy project with major success). |
Could we drop the bit for dependabot, and just manually update? |
If we do that, this is redundant with #44444 and we should close this one as suggested by @crazy-max. |
Let's close it for now |
- What I did
update github actions to latest major releases and also adds dependabot config to just keep gha actions up to date.
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)