ruby-changes:74034
From: Takashi <ko1@a...>
Date: Mon, 17 Oct 2022 14:51:10 +0900 (JST)
Subject: [ruby-changes:74034] b7de04d161 (master): Disable dependabot for auto-request-review for now
https://git.ruby-lang.org/ruby.git/commit/?id=b7de04d161 From b7de04d161726fbb277eaa95fb0d658dbb6a9536 Mon Sep 17 00:00:00 2001 From: Takashi Kokubun <takashikkbn@g...> Date: Sun, 16 Oct 2022 22:47:49 -0700 Subject: Disable dependabot for auto-request-review for now because you have to manually update the version tag comment. It feels unsafe to trust third party git tags when you need to pass MATZBOT_GITHUB_TOKEN to it. Git commit sha alone isn't human-readable and I'm reluctant to remove the comment either. It doesn't seem worth the effort to review changes for every release of this action. --- .github/dependabot.yml | 3 +++ .github/workflows/auto_request_review.yml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b18fd29357..97adcabffe 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,3 +4,6 @@ updates: https://github.com/ruby/ruby/blob/trunk/.github/dependabot.yml#L4 directory: '/' schedule: interval: 'weekly' + ignore: + # It doesn't update the version comment for us + - dependency-name: 'necojackarc/auto-request-review' diff --git a/.github/workflows/auto_request_review.yml b/.github/workflows/auto_request_review.yml index d499a84d5a..8275927fd3 100644 --- a/.github/workflows/auto_request_review.yml +++ b/.github/workflows/auto_request_review.yml @@ -8,7 +8,7 @@ jobs: https://github.com/ruby/ruby/blob/trunk/.github/workflows/auto_request_review.yml#L8 runs-on: ubuntu-latest steps: - name: Request review based on files changes and/or groups the author belongs to - uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.7.0, checking sha + uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.8.0, checking sha with: # scope: public_repo token: ${{ secrets.MATZBOT_GITHUB_TOKEN }} -- cgit v1.2.3 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
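Review bot: In the `.github/dependabot.yml` hunk, the new `ignore` entry for 'necojackarc/auto-request-review' stops all update PRs for that action, so nothing will flag a later release, including one that fixes a security issue, and the pinned sha can go stale without anyone noticing. The inline comment gives only the version-comment reason. The commit message's other reason, that the action receives MATZBOT_GITHUB_TOKEN and each bump needs a manual review, is the one a future reader needs before removing the entry, so it belongs in the comment too. Since the subject says "for now", it would also help to state what condition would let this entry be dropped.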
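Review bot: In the `.github/workflows/auto_request_review.yml` hunk, the sha b5e81876454003a4ccb9b89cb205c67d77d7035b is identical on the removed and added `uses:` lines while the trailing comment changes from v0.7.0 to v0.8.0, so this is a comment-only correction and the code that runs with `secrets.MATZBOT_GITHUB_TOKEN` does not change. The commit message does not say which of the two labels was checked against upstream. Please confirm that this sha is the commit the v0.8.0 tag points to and say so in the message, because the comment is the only human-readable record of what the pin refers to.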