Comments (6)
+1 on the script!
Could you make sure (without any modifications to the action file) that this action is not self-updating to the next major?
I would like to prevent a scenario where we break all our users without giving them time to upgrade.
from github-action-merge-dependabot.
+1 on the script!
Could you make sure (without any modifications to the action file) that this action is not self-updating to the next major?
I would like to prevent a scenario where we break all our users without giving them time to upgrade.
Regarding this aspect, I wrote an automation-migration script:
https://github.com/fastify/github-action-merge-dependabot/blob/migration-script/scripts/migration/migrate.js
It needs to be run locally and it will update all the repositories listed in this file:
from github-action-merge-dependabot.
I don't think it's simple or feasible migrating to this as it requires a human to change the action format.
I think we should fork this repo and create a fresh action with new instructions.
from github-action-merge-dependabot.
That's an option as well. Just so we're on the same line, to the best of my understanding this would require a change in the workflow yml file where this action is used, to include a permissions entry which gives the github token pull request write permissions. This change could be easily scriptable in most scenarios.
from github-action-merge-dependabot.
How is it scriptable? Could the current action make the change on its own to all the repos it is installed on? Would it be the right thing to do?
from github-action-merge-dependabot.
The action cannot do this change itself, it's the workflow's yml file that needs to change to include additional configuration. It can be scripted in the sense that a script could go around and update all the workflows where the action is being used, at least within the fastify organization.
from github-action-merge-dependabot.
Related Issues (20)
- Release pending!
- Major version update is auto-merged with target set to minor HOT 16
- "Fetch metadata" step is skipped for "pull_request_target"
- Release pending!
- Clarify meaning of "target" option HOT 1
- Receiving 'Warning: Semver bump '' is invalid!' message HOT 3
- Fail with meaningful error in case an unsupported trigger is used HOT 1
- remove semver as dep HOT 1
- deprecation warning in test/log.test.js HOT 1
- use nearform-actions HOT 1
- remove gitdiff-parser as dependency HOT 1
- use esbuild instead of ncc
- Feature: Allow defining targets per pattern or group
- replace husky with @fastify/pre-commit
- use taprc and show coverage report HOT 1
- Suppress warning in CI/CD pipeline HOT 1
- remove @actions/github HOT 1
- Output does not seem to appear HOT 2
- Frequently see error "Pull request is in unstable status" (but all validation checks pass) HOT 4
- Release pending!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from github-action-merge-dependabot.