Conversation
Inspired by https://github.com/rugk/awesome-emoji-picker/blob/main/.github/workflows/webext-lint.yml As far as I see you don't run that anywhere else, so may this be a good idea? Same as ajayyy/DeArrow#187
|
Warnings will need to be dealt with before merging. |
|
the v1 tag also seems to be built in 2019 which iirc is at least one breaking GHA version behind - should probably convert to locked commit |
|
Well dependabot can handle GitHub Actions and upgrade them (though I don't know if it automatically does as by your config)… then you can easily use version numbers instead of commits. |
|
dependabot hasn't triggered for our actions before and I don't trust it..., either way the tag is outdated and we've already set a precedence of locking by commit |
Well that is because you have not enabled it (respectively only for security updates), see ajayyy/DeArrow#179. With a YAML configuration you can exactly control what is updated and e.g. also only enable it for GitHub Actions. See https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file for an example. |
| - uses: actions/checkout@v3 | ||
|
|
||
| - name: "web-ext lint" | ||
| uses: kewisch/action-web-ext@v1 |
There was a problem hiding this comment.
| uses: kewisch/action-web-ext@v1 | |
| uses: kewisch/action-web-ext@cb8a694 |
Like this or what do you want here?
3 participants
Inspired by https://github.com/rugk/awesome-emoji-picker/blob/main/.github/workflows/webext-lint.yml
As far as I see you don't run that anywhere else, so may this be a good idea?
Same as ajayyy/DeArrow#187
To test this pull request, follow the instructions in the wiki.