Version comment in SHA-pinned github actions is not updated if it's incorrect #7912

Open
1 task done
ThiefMaster opened this issue Aug 28, 2023 · 0 comments
Labels
T: bug 🐞 Something isn't working

ThiefMaster commented Aug 28, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

github-actions

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

name: Test dependabot updates

on:
  push:
    tags: ['v*']

jobs:
  build:
    name: Test
    runs-on: ubuntu-22.04
    steps:
      # this is simply an outdated version
      - uses: docker/setup-buildx-action@2e941f2defb78a11da0f277a3a76fb347dfd084b # v1.4.0
      # this is also an outdated version, but within the same major
      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      # this is an outdated version and the version comment behind it is incorrect (the SHA is from v3.2.4)
      - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.4.5

dependabot.yml content

version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: daily
    groups:
       github-actions:
          patterns: ['*']

Updated dependency

No response

What you expected to see, versus what you actually saw

I would have expected the comment to be updated, regardless of the fact that it was incorrect before.

Here's the PR Dependabot sent: ThiefMaster/depbot-actions-bug#1

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

ThiefMaster/depbot-actions-bug#1

diff --git a/.github/workflows/deptest.yml b/.github/workflows/deptest.yml
index be6927d..6712003 100644
--- a/.github/workflows/deptest.yml
+++ b/.github/workflows/deptest.yml
@@ -10,8 +10,8 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       # this is simply an outdated version
-      - uses: docker/setup-buildx-action@2e941f2defb78a11da0f277a3a76fb347dfd084b # v1.4.0
+      - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
       # this is also an outdated version, but within the same major
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       # this is an outdated version and the version comment behind it is incorrect (the SHA is from v3.2.4)
-      - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.4.5
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.4.5
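Review bot: on the actions/cache line the SHA changes but the trailing comment stays `# v3.4.5`, so the comment is carried over from a value that the context line above already flags as incorrect, and nothing in the hunk ties it to the new SHA. The other two lines have comment and SHA move together (v1.4.0 to v2.10.0, v3.2.0 to v3.6.0); this line should have its comment rewritten to the tag that 88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 resolves to, rather than left unchanged.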

Smallest manifest that reproduces the issue

No response
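
A check for the comment drift this issue describes, as an added example (not Dependabot's code and not part of the original report): it compares each SHA pin's version comment against a trusted SHA-to-tag map and treats unknown SHAs as findings. `audit_pins` and `TAG_OF_SHA` are hypothetical names; the map entries are the versions the issue itself states, and in practice would be built from `git ls-remote --tags` on each action repository.

```python
import re

# Matches "- uses: owner/repo@<40-hex SHA> # <version comment>"
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<action>[\w.-]+/[\w./-]+)@(?P<sha>[0-9a-f]{40})"
    r"(?:\s*#\s*(?P<comment>\S+))?\s*$"
)

# Trusted (action, sha) -> tag map. Constructed from what the issue states
# (the cache SHA is said to be v3.2.4); not re-verified against the repositories.
TAG_OF_SHA = {
    ("docker/setup-buildx-action", "2e941f2defb78a11da0f277a3a76fb347dfd084b"): "v1.4.0",
    ("actions/checkout", "755da8c3cf115ac066823e79a1e1788f8940201b"): "v3.2.0",
    ("actions/cache", "627f0f41f6904a5b1efbaed9f96d9eb58e92e920"): "v3.2.4",
}

# Sample input: the three pinned steps from the issue's manifest.
WORKFLOW = """\
    steps:
      - uses: docker/setup-buildx-action@2e941f2defb78a11da0f277a3a76fb347dfd084b # v1.4.0
      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.4.5
"""

def audit_pins(workflow_text, tag_of_sha):
    """Return (line_no, action, comment, actual_tag, status) per SHA-pinned step.

    status: ok | mismatch (comment names a different tag) |
            unknown (SHA not in the trusted map) | no-comment
    """
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a SHA-pinned "uses:" line
        action, comment = m["action"], m["comment"]
        actual = tag_of_sha.get((action, m["sha"]))
        if comment is None:
            status = "no-comment"
        elif actual is None:
            status = "unknown"  # cannot confirm the comment: report it, do not trust it
        else:
            status = "ok" if actual == comment else "mismatch"
        findings.append((no, action, comment, actual, status))
    return findings

if __name__ == "__main__":
    for finding in audit_pins(WORKFLOW, TAG_OF_SHA):
        print(finding)
```
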
