Closed lemeurherve closed 1 year ago
I am taking this issue and plan to use dependabot as most of the repositories are using it and it will be more efficient than updatecli on this matter.
Reopening as the goal of this issue is to track GitHub actions versions across all @jenkins-infra repositories.
Which ones are missing?
As for this search: https://github.com/search?q=org%3Ajenkins-infra+tibdex%2Fgithub-app-token&type=code they are all tracked ... but you may want to check on all "active" repositories ...?
I don't understand for example why in jenkins-infra/status the tibdex action version isn't updated while there is a dependabot config.
> I don't understand for example why in jenkins-infra/status the tibdex action version isn't updated while there is a dependabot config.
Agree, this is weird.
Let's start by listing all repositories that have .github/workflows/* files: each of those must have a .github/dependabot.yaml file with github-actions string inside. Looks good?
Here are the repositories with a .github/workflows folder but without a .github/dependabot.yml file:
(.dependabot.yaml should be renamed dependabot.yml)
> I don't understand for example why in jenkins-infra/status the tibdex action version isn't updated while there is a dependabot config.
Renaming the file .dependabot.yaml to dependabot.yml in jenkins-infra/status fixed it: https://github.com/jenkins-infra/status/pulls
For the record, I've obtained this list by running find . -type d -name "workflows" | sort -u and find . -name "dependabot.yml" | sort -u in a folder containing all @jenkinsci repositories, then manually merging these lists and checking each of them manually.
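The check discussed in the comments above (workflow files present, a .github/dependabot.yml that mentions github-actions, and a misnamed config such as .dependabot.yaml), as an added example that is not part of the original thread or of any jenkins-infra tooling. The function name audit_repos and the status labels are assumptions, and it expects one local folder holding a clone of each repository.

```shell
#!/bin/sh
# Added example: audit a folder of cloned repositories for Dependabot
# coverage of GitHub Actions. audit_repos and the status labels are
# illustrative names chosen for this example.

# Print "<repo><TAB><status>" for every repository under $1 that has
# workflow files in .github/workflows.
audit_repos() {
  local root="$1"
  local repo gh cfg stray
  for repo in "$root"/*/; do
    repo="${repo%/}"
    gh="$repo/.github"
    # Only repositories that actually define workflows are in scope.
    [ -n "$(find "$gh/workflows" -maxdepth 1 -type f \
        \( -name '*.yml' -o -name '*.yaml' \) 2>/dev/null | head -n 1)" ] || continue
    cfg="$gh/dependabot.yml"
    if [ -f "$cfg" ]; then
      # The config must mention the github-actions ecosystem.
      if grep -q 'github-actions' "$cfg"; then
        printf '%s\tok\n' "${repo##*/}"
      else
        printf '%s\tno-github-actions\n' "${repo##*/}"
      fi
      continue
    fi
    # A config under another name (the thread's case: .dependabot.yaml)
    # is reported as misnamed, following the file name the thread expects.
    stray="$(find "$gh" -maxdepth 1 -type f \
        \( -name 'dependabot.y*ml' -o -name '.dependabot.y*ml' \) | sort | head -n 1)"
    if [ -n "$stray" ]; then
      printf '%s\tmisnamed:%s\n' "${repo##*/}" "${stray##*/}"
    else
      printf '%s\tmissing\n' "${repo##*/}"
    fi
  done
}

# Usage: sh audit.sh /path/to/folder/of/cloned/repos
if [ "$#" -gt 0 ]; then
  audit_repos "$1"
fi
```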
Reopening as there are errors on workflow runs:
No event triggers defined in on
Ex: https://github.com/jenkins-infra/packer-images/actions/runs/4235208310
I used the wrong folder in my initial pull requests, now fixed.
Closing the issue (again ^^)
Service(s)
GitHub
Summary
We're using several GitHub actions in some of our repositories, but not all of them have their version pinned, and we aren't tracking most of these.
We should add updatecli manifests to track these versions and keep them up to date.
Example: https://github.com/search?q=org%3Ajenkins-infra+tibdex%2Fgithub-app-token&type=code, returning v1, v1.5 and v1.7