dependency-review-action, specifies a pre-release version #41

Closed
wants to merge 2 commits into from


npushkarskii

As suggested in actions/dependency-review-action#670 (comment), using the specific pre-release version of the action might resolve the issue with licenses.

In the doc repo, we've been having many failed builds because of it.

Example of this issue:
https://github.com/coveo/doc_jekyll-public-site/actions/runs/8909727612/job/24467591900

@npushkarskii npushkarskii requested review from a team as code owners May 1, 2024 16:43
@npushkarskii npushkarskii changed the title dependency-review-action | specifies a pre-release version dependency-review-action, specifies a pre-release version May 1, 2024
@npushkarskii
Author

@dblanchette I'm not sure what's causing all the tests here to fail 😢 Initially, there was a pipe character in the PR's title and I thought it messed with the paths; removing it didn't fix anything, though.

@npushkarskii
Author

@dblanchette @jonapich @sysboy
Hey guys, just a kind follow-up :) Thank you!

@npushkarskii
Author

@dblanchette @jonapich @sysboy
A gentle reminder comes again :)

@JPLachance
Member

JPLachance commented May 22, 2024

Hello,

It's great that GitHub are finally looking at this issue and finally working on making our config file simpler, scalable.

While I understand that we might want to start using that pre-release version yesterday, I'm a bit against using a non-official non-released version of the action that would use a non-protected branch of that GitHub project.

One mistake in that GitHub project non-protected branch and the CI of Coveo would stop working for all Coveo projects.

I would wait for the official V5 release.

Now, if you want to take the risk in your projects, use the non-official version of the Action, nothing prevents you from doing it. Create your custom workflow file and simply stop invoking this workflow.

Does that make sense?

@JPLachance JPLachance self-assigned this May 22, 2024
@npushkarskii
Author

@JPLachance Hey, thanks a lot for explaining your point of view. I expected that merging this PR would be undesirable because of the risks, but still, these were just MY thoughts. I wanted to hear from the maintainers, and now I've heard from you :)

I'll close this PR then.

@JPLachance JPLachance deleted the dependency-action-license-fix branch May 22, 2024 20:06
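
The review comment above objects to a shared workflow referencing an action through a pre-release ref on a non-protected branch, because that ref can change without the caller's involvement. As an added example (not code from this repository or from the action's project), this Python script classifies every `uses:` ref in a workflow file; the sample workflow, the branch name `example-prerelease-branch` and the 40-character SHA are constructed placeholders.

```python
import re

# `uses:` appears on steps ("- uses: x") and on reusable-workflow jobs ("uses: x").
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
RELEASE_TAG_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")

# Constructed sample; the branch name and SHA are placeholders, not real refs.
SAMPLE_WORKFLOW = """\
jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@example-prerelease-branch
      - uses: actions/dependency-review-action@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: ./.github/actions/local-step
"""

def classify_ref(ref):
    """Classify the part after '@' in a `uses:` reference."""
    if FULL_SHA_RE.match(ref):
        return "pinned-sha"        # full commit SHA: content is fixed
    if RELEASE_TAG_RE.match(ref):
        return "release-tag"       # version tag: can be moved, conventionally only at release
    return "branch-or-prerelease"  # branch name or pre-release tag: follows upstream pushes

def audit_workflow(text):
    """Return (line number, action, ref, classification) for each remote `uses:`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images carry no git ref
        action, sep, ref = target.partition("@")
        kind = classify_ref(ref) if sep else "missing-ref"
        findings.append((lineno, action, ref, kind))
    return findings

def risky_refs(text):
    """Refs a CI policy would reject: anything that is not a SHA or release tag."""
    return [f for f in audit_workflow(text) if f[3] in ("branch-or-prerelease", "missing-ref")]

if __name__ == "__main__":
    for lineno, action, ref, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action}@{ref} -> {kind}")
```
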
2 participants