octokit / octokit.js

The all-batteries-included GitHub SDK for Browsers, Node.js, and Deno.
MIT License

[MAINT]: Pin peter-evans/create-or-update-comment action for all #2534

Closed nickfloyd closed 1 year ago

nickfloyd commented 1 year ago

Describe the need

So we've implemented an immediate response action across all SDK repos and did not pin the version of peter-evans/create-or-update-comment action. This causes an enormous amount of chatter in dependabot PRs when commits are made.

We should do 2 things here:

  1. Use our automatic publish-project-workflow to publish the immediate response action workflow across all octokit owned repos.
  2. Build the template pinning the action to v3.0.2 so: uses: peter-evans/create-or-update-comment@v3.0.2

SDK Version

All SDK repos

API Version

No response

Relevant log output

No response

github-actions[bot] commented 1 year ago

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

gr2m commented 1 year ago

An alternative might be to use a reusable workflow: https://github.blog/2022-02-10-using-reusable-workflows-github-actions/

I never tried it, but I think it would let us have a single place where we wrap an action like peter-evans/create-or-update-comment that we need to update on new releases. And all the @octokit repositories would reference our shared workflow and never need to be updated ever.

nickfloyd commented 1 year ago

@gr2m that's a good thought - I think I tried that originally but I got roadblocked by bot permissions - I'll need to have another look - given that we are not just octokit but also maintaining the integrations org as well it made things a bit bumpy there.

gr2m commented 1 year ago

> I got roadblocked by bot permissions

Hm let me know if you run into permission problems again, we might need to use a bot token instead of the provided GITHUB_TOKEN in order to access cross repository workflows?
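
Added example, not part of the thread and not code from the octokit project: a small Python audit that lists every `uses:` reference in a workflow file and reports whether it is pinned to a commit SHA, to an exact tag such as the `v3.0.2` proposed in the issue, or to a floating major tag or branch. The sample workflow, the `example-org/example-repo` path and the function names are constructed for illustration.

```python
import re

# Matches step-level and job-level `uses:` lines, e.g. `- uses: owner/repo@ref`.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
EXACT_TAG_RE = re.compile(r"^v?\d+\.\d+\.\d+$")


def classify(ref):
    """Return how tightly a `uses:` reference is pinned."""
    if ref.startswith(("./", "docker://")):
        return "local"        # same-repo action or container image, out of scope
    if "@" not in ref:
        return "unpinned"
    version = ref.rsplit("@", 1)[1]
    if SHA_RE.match(version):
        return "sha"          # full commit SHA, cannot be moved
    if EXACT_TAG_RE.match(version):
        return "exact-tag"    # e.g. v3.0.2; stable in practice, but a tag can be re-pointed
    return "floating"         # major tag (v3) or branch (main), moves on every release


def audit(workflow_text):
    """Return (line_number, reference, classification) for every `uses:` line."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            findings.append((number, match.group(1), classify(match.group(1))))
    return findings


# Constructed sample workflow, not taken from any octokit repository.
SAMPLE = """\
on: [issues]
jobs:
  respond:
    runs-on: ubuntu-latest
    steps:
      - uses: peter-evans/create-or-update-comment@v3
      - uses: peter-evans/create-or-update-comment@v3.0.2
      - uses: ./local-action
  shared:
    uses: example-org/example-repo/.github/workflows/respond.yml@main
"""

if __name__ == "__main__":
    for number, ref, kind in audit(SAMPLE):
        print(f"line {number}: {ref} -> {kind}")
```

The last entry in the sample shows that a reusable workflow referenced by branch is itself a floating reference, so the audit applies to the shared workflow's callers as well as to the action it wraps.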