You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@beam.apache.org by GitBox <gi...@apache.org> on 2022/07/27 08:27:11 UTC
[GitHub] [beam] iemejia opened a new pull request, #22467: Fix #22466 Add github actions dependency updates with dependabot
iemejia opened a new pull request, #22467:
URL: https://github.com/apache/beam/pull/22467
R: @damccorm @pabloem
**Please** add a meaningful description for your change here
------------------------
Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:
- [ ] [**Choose reviewer(s)**](https://beam.apache.org/contribute/#make-your-change) and mention them in a comment (`R: @username`).
- [ ] Mention the appropriate issue in your description (for example: `addresses #123`), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, comment `fixes #<ISSUE NUMBER>` instead.
- [ ] Update `CHANGES.md` with noteworthy changes.
- [ ] If this contribution is large, please file an Apache [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
See the [Contributor Guide](https://beam.apache.org/contribute) for more tips on [how to make review process smoother](https://beam.apache.org/contribute/#make-reviewers-job-easier).
To check the build health, please visit [https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md](https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md)
GitHub Actions Tests Status (on master branch)
------------------------------------------------------------------------------------------------
[](https://github.com/apache/beam/actions?query=workflow%3A%22Build+python+source+distribution+and+wheels%22+branch%3Amaster+event%3Aschedule)
[](https://github.com/apache/beam/actions?query=workflow%3A%22Python+Tests%22+branch%3Amaster+event%3Aschedule)
[](https://github.com/apache/beam/actions?query=workflow%3A%22Java+Tests%22+branch%3Amaster+event%3Aschedule)
See [CI.md](https://github.com/apache/beam/blob/master/CI.md) for more information about GitHub Actions CI.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22467:
URL: https://github.com/apache/beam/pull/22467#issuecomment-1196630125
The only exception to that is that infra does allow actions from the github/actions org automatically. So if we wanted, we could turn it on just for those actions (which would mostly just be the setup-* actions)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] iemejia closed pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
iemejia closed pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
URL: https://github.com/apache/beam/pull/22467
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] github-actions[bot] commented on pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22467:
URL: https://github.com/apache/beam/pull/22467#issuecomment-1208048163
Reminder, please take a look at this pr: @damccorm
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] iemejia commented on pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
iemejia commented on PR #22467:
URL: https://github.com/apache/beam/pull/22467#issuecomment-1211209089
Thanks for the review. I pushed it manually just with the extra suggested comment.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] iemejia commented on pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
iemejia commented on PR #22467:
URL: https://github.com/apache/beam/pull/22467#issuecomment-1200497020
Ok I let only the actions from github. I suppose most of them should be already enable for the org and otherwise we might request them. WDYT? Should we give it a try?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] github-actions[bot] commented on pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #22467:
URL: https://github.com/apache/beam/pull/22467#issuecomment-1196461384
Assigning reviewers. If you would like to opt out of this review, comment `assign to next reviewer`:
R: @damccorm for label build.
Available commands:
- `stop reviewer notifications` - opt out of the automated review tooling
- `remind me after tests pass` - tag the comment author after tests pass
- `waiting on author` - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)
The PR bot will only process comments in the main thread (not review comments).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] iemejia commented on pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
iemejia commented on PR #22467:
URL: https://github.com/apache/beam/pull/22467#issuecomment-1198127867
I see, a pity that this requires to contact INFRA for simple maintenance. What about the approved actions from other vendors (not github) Can we add those too or do they mind about versions too?
I created a list to enable updates, let me know what you think. Worse case we let only the github ones that are the majority of what Beam currently uses (70 of 91).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on a diff in pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
damccorm commented on code in PR #22467:
URL: https://github.com/apache/beam/pull/22467#discussion_r940868705
##########
.github/dependabot.yml:
##########
@@ -42,3 +42,10 @@ updates:
- dependency-name: "com.google.api.grpc:grpc-*"
- dependency-name: "com.google.http-client:*"
- dependency-name: "com.google.apis:google-api-services-*"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ allow:
+ # Allow all official github actions
Review Comment:
Optional - might be helpful to specifically call out the approval limitation for future readers
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [beam] damccorm commented on pull request #22467: Fix #22466 Add github actions dependency updates with dependabot
Posted by GitBox <gi...@apache.org>.
damccorm commented on PR #22467:
URL: https://github.com/apache/beam/pull/22467#issuecomment-1198193663
> What about the approved actions from other vendors (not github) Can we add those too or do they mind about versions too?
I'm not 100% sure if its enforced across the board, but AFAIK we would need to request an exception for each of those. It might be worth opening an Infra ticket to ask if they can be permanently allowed, but otherwise I'd vote we just keep it to GitHub for now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@beam.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org