Replace actions/setup-go with actions/setup-python in smoke test#409
Conversation
7c68300 to
3378db5
Compare
| ignore: | ||
| # These are intentionally pinned to old versions for the smoke test fixture: .github/workflows/i-am-a-smoke-test.yml | ||
| - dependency-name: "actions/setup-python" | ||
| - dependency-name: "actions/setup-ruby" | ||
| - dependency-name: "actions/setup-node" |
There was a problem hiding this comment.
I'm not sure if I can actually do this... will the dependabot test command look for this dependabot.yml file and read these ignores and skip it?
There was a problem hiding this comment.
It looks like this doesn't break dependabot test, and it's certainly helpful to prevent PR's from showing up that would break our tests.
It also provides a clear documentation link within this file if someone is like "why are these not getting updated?"... it'll show them "oh, they're used int eh tests, so we tell Dependabot not to actually open PR's to bump them"
There was a problem hiding this comment.
I'm not too familiar with the format of the output so I'm a little confused to see the actions/setup-go still in here... perhaps that's not expected / desired and we'll need to regenerate this file after bumping the non-test-fixture references to actions/setup-go to the latest?
3378db5 to
69b6b89
Compare
The smoke test fixture (
.github/workflows/i-am-a-smoke-test.yml) previously usedactions/setup-go, which is also used in real CI workflows (smoke.yml, cache-all.yml, etc.). This caused Dependabot to open PRs like #160 that conflicted with the smoke test's intentionally-pinned version.At the time, we ignored them:
However, that's now a problem because the latest version of
actions/setup-gohas a caching update that would be nice to have:So I've unignored that dependency:
However, this will try to update our test workflow, which we do not want.
So instead, let's:
actions/setup-gowithactions/setup-pythonin the smoke test fixture, sinceactions/setup-pythonisn't used in any real workflowsmoke-actionstestdependabot.ymlfor all three test fixture actions (actions/setup-python,actions/setup-ruby,actions/setup-node) to prevent Dependabot from proposing updates to intentionally-pinned dependencies