beam icon indicating copy to clipboard operation
beam copied to clipboard

Published 20 hours ago verified publisher icon apache

Fix #22466 Add github actions dependency updates with dependabot

Open iemejia opened this issue 2 years ago • 6 comments

R: @damccorm @pabloem

Please add a meaningful description for your change here

Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:

  • [ ] Choose reviewer(s) and mention them in a comment (R: @username).
  • [ ] Mention the appropriate issue in your description (for example: addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, comment fixes #<ISSUE NUMBER> instead.
  • [ ] Update CHANGES.md with noteworthy changes.
  • [ ] If this contribution is large, please file an Apache Individual Contributor License Agreement.

See the Contributor Guide for more tips on how to make review process smoother.

To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md

GitHub Actions Tests Status (on master branch)

Build python source distribution and wheels Python tests Java tests

See CI.md for more information about GitHub Actions CI.

iemejia avatar Jul 27 '22 08:07 iemejia

Assigning reviewers. If you would like to opt out of this review, comment assign to next reviewer:

R: @damccorm for label build.

Available commands:

  • stop reviewer notifications - opt out of the automated review tooling
  • remind me after tests pass - tag the comment author after tests pass
  • waiting on author - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)

The PR bot will only process comments in the main thread (not review comments).

github-actions[bot] avatar Jul 27 '22 09:07 github-actions[bot]

The only exception to that is that infra does allow actions from the github/actions org automatically. So if we wanted, we could turn it on just for those actions (which would mostly just be the setup-* actions)

damccorm avatar Jul 27 '22 11:07 damccorm

I see, a pity that this requires to contact INFRA for simple maintenance. What about the approved actions from other vendors (not github) Can we add those too or do they mind about versions too?

I created a list to enable updates, let me know what you think. Worse case we let only the github ones that are the majority of what Beam currently uses (70 of 91).

iemejia avatar Jul 28 '22 13:07 iemejia

What about the approved actions from other vendors (not github) Can we add those too or do they mind about versions too?

I'm not 100% sure if its enforced across the board, but AFAIK we would need to request an exception for each of those. It might be worth opening an Infra ticket to ask if they can be permanently allowed, but otherwise I'd vote we just keep it to GitHub for now.

damccorm avatar Jul 28 '22 14:07 damccorm

Ok I let only the actions from github. I suppose most of them should be already enable for the org and otherwise we might request them. WDYT? Should we give it a try?

iemejia avatar Jul 31 '22 20:07 iemejia

Reminder, please take a look at this pr: @damccorm

github-actions[bot] avatar Aug 08 '22 12:08 github-actions[bot]

Thanks for the review. I pushed it manually just with the extra suggested comment.

iemejia avatar Aug 10 '22 20:08 iemejia