Skip to content

chore: do not use github actions @master #731

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tushar-composio merged 11 commits into from
Nov 28, 2024
Merged

chore: do not use github actions @master #731

tushar-composio merged 11 commits into from
Nov 28, 2024

Conversation

@vil02
Copy link

@vil02 vil02 commented Oct 18, 2024
edited by ellipsis-dev bot
Loading

It is considered a bad practice to use github actions @master instead of specifying an exact tag. This PR pins such actions to the newest available versions.

The remaining actions are updated by #658.

Important

Pin GitHub Actions to specific versions in workflows for stability and security.

  • Workflows:
    • Update actions/setup-python from @master to @v5 in common.yml.
    • Update actions/checkout from @master to @v4 in examples.yml.
    • Update actions/checkout from @master to @v4 in release.yaml.

This description was created by Ellipsis for 6a4bfc7. It will automatically update as commits are pushed.

ellipsis-dev[bot]
ellipsis-dev bot reviewed Oct 18, 2024
View reviewed changes
Copy link

@ellipsis-dev ellipsis-dev bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Looks good to me! Reviewed everything up to 6a4bfc7 in 18 seconds

More details
  • Looked at 68 lines of code in 3 files
  • Skipped 0 files when reviewing.
  • Skipped posting 2 drafted comments based on config settings.
1. .github/workflows/release.yaml:25
  • Draft comment:
    Consider updating actions/checkout@v2 to the latest stable version v4 for consistency and to benefit from the latest features and security patches. This is also applicable in other parts of the workflow where checkout@v2 is used.
  • Reason this comment was not posted:
    Comment did not seem useful.
2. .github/workflows/release.yaml:26
  • Draft comment:
    Consider updating actions/setup-python@v2 to the latest stable version v3 for consistency and to benefit from the latest features and security patches. This is also applicable in other parts of the workflow where setup-python@v2 is used.
  • Reason this comment was not posted:
    Comment did not seem useful.

Workflow ID: wflow_5SJ1ArPyxe7Ykmij

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

@vil02 vil02 force-pushed the do_not_use_github_actions_at_master branch from 6a4bfc7 to 15d917f Compare October 18, 2024 22:32
@vil02 vil02 force-pushed the do_not_use_github_actions_at_master branch from 15d917f to 90642f6 Compare October 26, 2024 14:19
@vercel
Copy link

vercel bot commented Oct 26, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
composio ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 28, 2024 9:50am

@tushar-composio tushar-composio changed the base branch from master to dependabot/github_actions/github-actions-90e2c2ff70 November 28, 2024 09:48
@tushar-composio tushar-composio merged commit 5ac72d2 into ComposioHQ:dependabot/github_actions/github-actions-90e2c2ff70 Nov 28, 2024
2 of 4 checks passed
@vil02 vil02 deleted the do_not_use_github_actions_at_master branch November 28, 2024 10:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@ellipsis-dev ellipsis-dev[bot] ellipsis-dev[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vil02 @tushar-composio