Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade actions/checkout #1053

Closed
wants to merge 1 commit into from
Closed

Upgrade actions/checkout #1053

wants to merge 1 commit into from

Conversation

mportesdev
Copy link
Contributor

GitHub Action: upgrade the actions/checkout action to v4.

ericwb
ericwb approved these changes Sep 13, 2023
View reviewed changes
Copy link
Member

@ericwb ericwb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sigmavirus24
Copy link
Member

Please just turn on dependabot instead to auto-upgrade these. urllib3 has an example for configuring it to do exactly that.

@lukehinds
Copy link
Member

Maybe we should change it from monthly, to weekly? Looking around most go for daily (which is my pref)

https://github.com/PyCQA/bandit/blob/main/.github/dependabot.yml#L7

@ericwb
Copy link
Member

ericwb commented Sep 18, 2023

While this change is fine, as noted by @lukehinds and @sigmavirus24, a better fix is to update the schedule of the dependabot which is automatically checking for newer version of the actions.

@ericwb
Copy link
Member

ericwb commented Sep 18, 2023

Maybe we should change it from monthly, to weekly? Looking around most go for daily (which is my pref)

https://github.com/PyCQA/bandit/blob/main/.github/dependabot.yml#L7

FYI, I think this workflow isn't running because its in the wrong path. I opened issue #1055

@sigmavirus24
Copy link
Member

Also if actions aren't run frequently enough, GitHub disables them so it may have disabled monthly dependabot

@ericwb
Copy link
Member

ericwb commented Sep 19, 2023

FYI, created PR #1057 to repair the dependabot file and also update the checks to weekly.

@mportesdev
Copy link
Contributor Author

Closing in favor of #1057

@mportesdev mportesdev closed this Sep 19, 2023
@mportesdev mportesdev deleted the ci/checkout branch September 19, 2023 19:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ericwb ericwb ericwb approved these changes

@lukehinds lukehinds Awaiting requested review from lukehinds lukehinds is a code owner

@sigmavirus24 sigmavirus24 Awaiting requested review from sigmavirus24 sigmavirus24 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mportesdev @sigmavirus24 @lukehinds @ericwb