sethvargo / ratchet

A tool for securing CI/CD workflows with version pinning.
Apache License 2.0

Create different comment style #82

Closed stdedos closed 4 months ago

stdedos commented 4 months ago

TL;DR

It seems that dependabot supports updating version comments as part of its update https://github.blog/changelog/2022-10-31-dependabot-now-updates-comments-in-github-actions-workflows-referencing-action-versions/

However, can the comments look more like https://github.com/pyca/cryptography/pull/10650/files? I don't know if dependabot would support the ratchet: comments :confused:

Detailed design

No response

Additional information

No response

sethvargo commented 4 months ago

Hi @stdedos - Ratchet supports more than GitHub Actions. It would be better to ask dependabot to look for the ratchet prefix: https://github.com/dependabot/dependabot-core/pull/5951/files#diff-e610ea8f33cbfe74ada7eb6fbeab2afe2e2dad154e191bb209fb69f6ca3d7137R77

stdedos commented 4 months ago

Please don't call it completed 😅

sethvargo commented 4 months ago

That's what GitHub does when you close an issue by default.

stdedos commented 4 months ago

There is always https://github.com/refined-github/refined-github/blob/main/source/features/close-as-unplanned.tsx for the utility that GitHub is not adding 😅