qossmic / deptrac

Keep your architecture clean.
https://qossmic.github.io/deptrac
MIT License

Add composer-dependency-analyser (fix shadow dependencies) #1374

Closed janedbal closed 6 months ago

janedbal commented 6 months ago

Hi, I tested your repository with composer-dependency-analyser and it found some shadow dependencies:

image


All those seem valid to me, so I added those to composer and the tool to CI to avoid possible issues in future.

janedbal commented 6 months ago

The failed CI job looks like a bug, reported here: https://github.com/IonBazan/composer-diff/issues/30

janedbal commented 6 months ago

I tried fixing the issue as suggested in the bug report, but as I'm just sending from a fork, GitHub security measures are not executing the new job (when pull_request_target is kept) or not allowing pull_requests: write permission (when pull_request is used).

So in order to unblock this PR, some maintainer needs to adjust the broken job.


Note: I removed my commit that attempted to fix it.

janedbal commented 6 months ago

The bug should be solvable just by bumping the version:

diff --git a/.github/workflows/composer-diff.yml b/.github/workflows/composer-diff.yml
index 3bfdb4fc..f5748bdc 100644
--- a/.github/workflows/composer-diff.yml
+++ b/.github/workflows/composer-diff.yml
@@ -19,6 +19,6 @@ jobs:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
       - name: Comment composer.lock diff
-        uses: WyriHaximus/github-action-composer.lock-diff@v1
+        uses: WyriHaximus/github-action-composer.lock-diff@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
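
Review bot: the `uses:` line pins the third-party action to the movable tag `@v2` while the step passes it `GITHUB_TOKEN`, so whatever that tag points to later runs with this job's token; pin the action to a full commit SHA (keeping the version in a trailing comment) instead. The context lines also check out `github.event.pull_request.head.sha`, and the thread says the workflow is kept on pull_request_target, so the job handles fork-controlled content with a repository token. Declare an explicit `permissions:` block limited to what the lock-diff comment needs, and confirm that nothing from the checked-out tree is executed in this job.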

But as said above, I cannot do it in the PR due to security measures of GitHub.

gennadigennadigennadi commented 6 months ago

@janedbal could you fix the conflict?

janedbal commented 6 months ago

Fixed conflict

gennadigennadigennadi commented 6 months ago

@janedbal thank you for your contribution.