chore(deps): Bump alpine from 3.15.4 to 3.16.2

Open dependabot[bot] opened this issue 3 years ago • 3 comments

Bumps alpine from 3.15.4 to 3.16.2.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Aug 15 '22 02:08 dependabot[bot]

@yoheimuta I just noticed this failed.

The error:

> Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading Code Scanning results requires write access. To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.

is due to the new upload-sarif action.

Should we change the entire Go workflow to run only on pull_request? Or do we split it into two workflows and leave Lint/Test/Build in go.yml running on push and pull_request while the trivy and hadolint move to a new workflow running on only pull_request?

wwuck avatar Aug 15 '22 03:08 wwuck

@wwuck Thank you for the catch! Since we shouldn't push commits to the main branch directly, it's enough to run only on pull_request.

> Should we change the entire Go workflow to run only on pull_request?

So, I second this idea.

yoheimuta avatar Aug 20 '22 06:08 yoheimuta

@yoheimuta fixed in https://github.com/yoheimuta/protolint/pull/274

wwuck avatar Aug 21 '22 12:08 wwuck
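
The pull_request-only scanning workflow discussed in this thread, written out as an added example; it is not taken from the protolint repository or from PR #274. The file name, job names, action versions, Dockerfile path and SARIF file names are assumptions.

```yaml
# .github/workflows/scan.yml  (hypothetical file name)
# Before: scanners shared a workflow with `on: [push, pull_request]`, so the
# push run on a Dependabot branch reached upload-sarif with a read-only token.
name: Scan
on:
  pull_request:              # only trigger; no "push" runs for Dependabot branches

permissions:
  contents: read             # least-privilege default for every job

jobs:
  hadolint:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write # upload-sarif needs write access to code scanning
    steps:
      - uses: actions/checkout@v4                 # version is an assumption
      - uses: hadolint/hadolint-action@v3.1.0     # version is an assumption
        with:
          dockerfile: Dockerfile                  # assumed path
          format: sarif
          output-file: hadolint.sarif
          no-fail: true                           # report findings, do not block
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: hadolint.sarif
          category: hadolint                      # keeps results separate per tool

  trivy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.28.0    # version is an assumption
        with:
          scan-type: fs
          format: sarif
          output: trivy.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy.sarif
          category: trivy
```

Granting `security-events: write` per job keeps the write scope off any job that does not upload results; pinning each action to a commit SHA instead of a tag tightens this further.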

Superseded by #296.

dependabot[bot] avatar Nov 14 '22 02:11 dependabot[bot]