Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure dependabot doesn't break over time #126

Merged
merged 1 commit into from
Nov 25, 2024
Merged

Conversation

infinisil
Copy link
Member

@infinisil infinisil commented Nov 7, 2024

The automated GitHub workflow updates were broken for some time due to dependabot's images fetched at runtime went out of sync with the binary.

While updating dependabot fixed it for now, a more permanent fix is to use the version of dependabot that pins the images at build time, introduced in
NixOS/nixpkgs#352866 and NixOS/nixpkgs#354085

We still need to wait for the next channel update for the latter PR (https://nixpk.gs/pr-tracker.html?pr=354085) and then update the pinned Nixpkgs (https://github.com/NixOS/nixpkgs-vet/actions/workflows/update.yml) before we can merge this, but by having it open we shouldn't forget about it.

@willbush willbush self-requested a review November 8, 2024 11:19
@infinisil infinisil changed the title Fix dependabot updates Ensure dependabot doesn't break over time Nov 25, 2024
@infinisil infinisil marked this pull request as ready for review November 25, 2024 20:36
The automated GitHub workflow updates were broken for some time due to dependabot's images fetched
at runtime went out of sync with the binary.

While updating dependabot fixed it for now, a more permanent fix is to use the version of dependabot
that pins the images at build time, introduced in
NixOS/nixpkgs#352866 and NixOS/nixpkgs#354085
@infinisil
Copy link
Member Author

Turns out updates already work: #130 (comment), I updated the description and title to reflect that :)

@philiptaron philiptaron merged commit 700a0b2 into main Nov 25, 2024
3 checks passed
@philiptaron philiptaron deleted the fix-dependabot branch November 25, 2024 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants