BunnymodXT icon indicating copy to clipboard operation
BunnymodXT copied to clipboard
verified publisher icon YaLTeR

Enable dependabot to update submodules and actions

Open permanentdaylightt opened this issue 1 year ago • 7 comments

permanentdaylightt avatar Sep 24 '24 13:09 permanentdaylightt

Hey, sorry for the delay.

I'm not sure we need this? Like, our SPTLib, hlstrafe, taslogger submodules are just other BXT projects that I update in unison with BXT itself (they also require BXT code changes on update, i.e. cannot be updated automatically). Our discord-rpc is an ancient version that will never be updated. Our cereal and rapidjson don't really need updates, they just work, we aren't using them for anything security-sensitive.

Actions are honestly not a big deal to update by hand.

YaLTeR avatar Oct 02 '24 04:10 YaLTeR

You can merge if you want

permanentdaylightt avatar Oct 02 '24 12:10 permanentdaylightt

todos: make actions upload zips instead of 7z use own install-boost script (some fixes)

permanentdaylightt avatar Oct 09 '24 11:10 permanentdaylightt

I went through to look at some changes you made. Beside the obvious that this isn't very important change, there are something to day about your proposal. 7zip is superior, period. GitHub CI artifact upload as ZIP does not retain file permission so your ZIP artifact might be different. The install-boost is a fork from your repository and is not upstream so that means we (ala Yalter) have to vet your repo as well.

khanghugo avatar Oct 09 '24 11:10 khanghugo

youre right actually, im gonna make some changes to revert it

permanentdaylightt avatar Oct 09 '24 11:10 permanentdaylightt

To reiterate, I still do not see why this PR is useful. Definitely not with an unvetted action fork.

YaLTeR avatar Oct 09 '24 11:10 YaLTeR

well i made this so there will be no need to update the submodules and the github actions

permanentdaylightt avatar Oct 09 '24 11:10 permanentdaylightt