Bug: google-github-actions is out of date #306

Open
vevetron opened this issue Sep 10, 2024 · 3 comments
@vevetron
Contributor

Describe the bug
During a PR the lint and test shows this error:

"The v0 series of google-github-actions/setup-gcloud is no longer maintained. It will not receive updates, improvements, or security patches. Please upgrade to the latest supported versions: "

https://github.com/cal-itp/reports/actions/runs/10781816640

To Reproduce
Start a PR

Expected behavior
GitHub is not complaining to you.

@thekaveman
Member

I suggest adding a dependabot.yml configuration to allow GitHub to send you PRs for these kinds of updates.

Dependabot can handle Python packages, NPM packages, GitHub Action steps, and more. Here's an example from the Benefits repo: https://github.com/cal-itp/benefits/blob/main/.github/dependabot.yml

Docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates

@thekaveman
Member

thekaveman commented Sep 11, 2024

Those links are for a workflow template that can be used in other Cal-ITP repositories, but it doesn't actually apply unless added to the given repo.

And further, that workflow is about adding a PR that Dependabot created to a Project Board in GitHub. The workflow doesn't activate or configure Dependabot in any way.

Dependabot is configured on a per-repository basis (since languages and dependency environments can be different from one repo to the next).

I saw some Dependabot PRs come in on this repo earlier, so it looks like it was at least partially configured. I'd still recommend using the dependabot.yml file for configuration -- that way it is tracked in source control and clear to any viewer of the repo (vs. the Settings/UI configuration, only available to repo admins, and changes are not tracked).
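
A `.github/dependabot.yml` of the kind recommended in the comment above, as an added example (not taken from this repository or from the linked Benefits repo). The weekly schedule, the PR limit, the commit-message prefix, and the `pip` entry with its directory are assumptions to adjust per repository.

```yaml
# .github/dependabot.yml
# Added example: tracked in source control, so changes are reviewable in PRs.
version: 2
updates:
  # Workflow steps referenced with `uses:` (for example
  # google-github-actions/setup-gcloud). For this ecosystem, "/" tells
  # Dependabot to scan the workflow files under .github/workflows.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"          # assumed cadence
    open-pull-requests-limit: 5   # assumed limit
    commit-message:
      prefix: "chore(ci)"         # assumed convention

  # Python packages. Assumes the manifest (requirements.txt, pyproject.toml)
  # sits at the repository root; change `directory` if it lives elsewhere.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"          # assumed cadence
    commit-message:
      prefix: "chore(deps)"       # assumed convention
```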
