search

snapcrafters / signal-desktop

Unofficial Signal Desktop installer for Linux
https://snapcraft.io/signal-desktop
GNU Affero General Public License v3.0
35 stars 15 forks source link

[Bug]: GH Action erroneously suggests promoting incorrect releases #204

Closed popey closed 10 months ago

popey commented 11 months ago

What happened?

In issue #201 - generated by a GH action (I believe) - the maintainers were told to promote revisions 34 and 35. These are not correct revisions. It should have suggested to promote 556 and 557. As a result, if done without double-checking, the maintainers could (and did) easily promote an old, broken, insecure release. This shouldn't be allowed happen.

What should have happened?

The action should have informed the maintainer to promote the correct revisions.

Output of snap info $snap_name

Not relevant

Output of snap connections $snap_name

Not relevant

Output of snap version

Not relevant

Relevant log output

No response

Teminal output of app

No response

popey commented 11 months ago

image

image

merlijn-sebrechts commented 11 months ago

I see two issues

  1. The examples part of the bot text shouldn't contain numbers
  2. The bot should have some for of safeguard not to promote ancient versions
merlijn-sebrechts commented 10 months ago

This is fixed now, thanks to @jnsgruk's incredible efforts!