chrisreddington / hugo-community

Community is a Hugo Theme intended to be used by local meetup and community groups
MIT License
2 stars 2 forks source link

Bump github/super-linter from 3 to 4 in /.github/workflows #60

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Bumps github/super-linter from 3 to 4.

Release notes

Sourced from github/super-linter's releases.

Release v3.17.0

No release notes provided.

v3.17.1

Changelog

🐛 Bug Fixes

🧰 Maintenance

See details of all code changes since previous release

Release v3.16.3

No release notes provided.

Release v3.16.2

No release notes provided.

Release v3.16.1

No release notes provided.

Release v3.16.0

No release notes provided.

... (truncated)

Changelog

Sourced from github/super-linter's changelog.

Creating GitHub Super-Linter Release

The Process to create a Release of the GitHub/Super-Linter is as follows:

  • Every push to master/main triggers a build and deploy of the GitHub/Super-linter
  • This creates the following images:
    • github/super-linter:latest
    • github/super-linter:slim-latest
  • This also causes the Release drafter action to update a new draft Release

When an Admin wants to create a Release, the process is as follows:

  • The Admin pushes an update to master/main and updates the action.yml to point to the next Release version
    • Example: image: 'docker://ghcr.io/github/super-linter:v4.6.2' becomes: image: 'docker://ghcr.io/github/super-linter:v4.6.3'
  • Then the admin can go to the Release page and update the current draft Release
  • The Admin will set the correct version strings, and update any additional information in the current draft Release
  • Once the Admin is ready, they will select Publish Release
  • This triggers the GitHub Actions to take the current codebase, and build the containers, and deploy to their locations
  • This creates and pushes the following container images:
    • github/super-linter:latest
    • github/super-linter:v4
    • github/super-linter:v4.6.3
    • github/super-linter:slim-latest
    • github/super-linter:slim-v4
    • github/super-linter:slim-v4.6.3
  • This also updates the latest and vMAJOR Git tags to point to the same commit that the release Git tag is pointing at.
  • At this point, the Release is complete and images are available for general consumption

Pitfalls and Issues

If the Admin Does not update the action.yml to the new version before the Release is published, then the Release will point back to the old version, and any Images will also be sent back to the previous version. This is very much a chicken and the egg issue, but seems to be easily resolved by following the correct path.

Commits
  • bb2d833 Update action.yml
  • 6b9414b Update action.yml
  • 5f63849 Bump alpine/terragrunt from 1.3.0 to 1.3.1 (#3393)
  • d2ce5e2 Bump rubocop-minitest from 0.22.1 to 0.22.2 in /dependencies (#3394)
  • b571565 Bump @​stoplight/spectral from 6.1.0 to 6.5.0 in /dependencies (#3398)
  • d5e5798 Bump terraform-linters/tflint-bundle from v0.41.0.0 to v0.41.0.1 (#3392)
  • 54fa9ed Bump hashicorp/terraform from 1.3.0 to 1.3.1 (#3395)
  • e51114a Bump rhysd/actionlint from 1.6.19 to 1.6.20 (#3396)
  • 62f853c Bump github.com/labstack/echo/v4 in /.automation/test (#3377)
  • f0809f1 Bump jscpd from 3.4.5 to 3.5.0 in /dependencies (#3400)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)