kube-rbac-proxy
Update outdated GitHub Actions
Updates the Actions to the latest version available. This, among other things, removes the warnings in the runs.
The setup-go action now accepts stable as a version to always use the latest stable version.
Also updated .golangci.yaml to remove the warnings about deprecated configuration options.
Oh, that is a cool contribution. I will take a look, but first I will take a look at the bug introduced with the last version.
/lgtm
Is there anything I need to do to get this merged?
I don't think so, just patience 😅
I was waiting for @stlaz, but he said that it is fine to merge. But there is no hurry yet as there are a couple of other PRs to merge before the next release.
@lucacome, actually I just watched a best practice in a talk at KubeCon London:
Could you pin the full commit hash of the current checkout v4 (11bd71901bbe5b1630ceea73d27597364c9af683)? It is considered more secure than following the tag.
In the context of the whole tj-actions disaster.
@ibihim I usually have the SHAs for all the Actions in all my repos, but I also add something like dependabot or renovate to keep the dependencies up to date. I feel like pinning a dependency that will never get updated again might be worse than having a major tag. What do you think?
I agree, we will need to change that :) If you have any best practices to share, you are welcome, otherwise I would make it part of the release cycle, to not only bump go deps, but also GitHub Actions.
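Added example, not part of the PR or the project's code: a check that flags `uses:` references not pinned to a full 40-character commit SHA, the practice discussed in the comments above. The sample workflow is constructed, `find_unpinned` is a hypothetical helper name, and only the checkout SHA is taken from the thread.

```python
import re

# Constructed sample workflow (not from the kube-rbac-proxy repository).
# The checkout SHA is the one quoted in the thread; everything else is made up.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - uses: actions/setup-go@v5
        with:
          go-version: stable
      - name: local action
        uses: ./.github/actions/build
      - uses: "example-org/example-action@main"
      # - uses: commented/out@v1
      - uses: docker://alpine:3.20
"""

# Matches "uses: x" and "- uses: x", with optional quotes; commented lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s+)?uses:\s*["']?([^"'\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def find_unpinned(workflow_text):
    """Return (line_number, action, ref) for each action not pinned to a full SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        # Local actions and container images are out of scope for this check.
        if target.startswith("./") or target.startswith("docker://"):
            continue
        action, _, ref = target.partition("@")
        # Tags and branches are mutable; only a full commit SHA counts as pinned.
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((lineno, action, ref or None))
    return findings


if __name__ == "__main__":
    for lineno, action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action} is referenced by mutable ref {ref!r}")
```

Keeping the version as a trailing comment next to the SHA, as in the sample, leaves the pin readable for reviewers and for update tooling such as the dependabot or renovate setups mentioned in the thread.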
The e2e tests are failing :)
Sorry for not approving you earlier, but once I press the "approve" button, your PR gets merged automatically once it is green.
Can you also squash the commits into one or two (e.g. one for the GitHub Action and one for the other stuff)? 😄
> I agree, we will need to change that :) If you have any best practices to share, you are welcome, otherwise I would make it part of the release cycle, to not only bump go deps, but also GitHub Actions.
I would add renovate. I opened a PR a while ago with dependabot (because you can just add the file to enable it) and it was rejected tho.. 😅
By the way, I was also planning to add the build step as a GitHub Action instead of the script after this one is merged.
@lucacome,
If you don't want to continue working on this, I would take your PR over and finish the last comments.
I really like your work here
Closing in favor of https://github.com/brancz/kube-rbac-proxy/pull/395