-
Notifications
You must be signed in to change notification settings - Fork 566
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependabot generated patch to update python setup-action from v3 to v4 did not work 😱 #435
Comments
Hello @thomas-mangin |
Hello @thomas-mangin. Thank you for your report. The logic for setup-python was changed that is why you need to provide python-version input explicitly. Besides, you can put a |
Looks to me like a duplicate of #433 , which I filed yesterday. Is it inappropriate to suggest pinning that issue? I included the "quick fix" at the bottom which I bet will save plenty of people time and frustration. |
@dmitry-shibanov I can do what you suggest, but, I did not "subscribe" to dependabot PRs. I was quite happy to remain on v3, I was also very happy on v2 until the previous PR, which worked... These patches were pushed my way, I did not subscribe to them. To be transparent, the first time I saw the first PR, I felt it was a bit forceful as there was no option to limit the number of requests sent, and I got one, and another, and another, more or less one a day. Therefore if there is an attempt to see developers embrace the bot, then the patches provided should apply without requiring any more work, otherwise, it is not helping but causing "noise" as I now have to close this PR which does not do what it is supposed to achieve: make it easy for me to update to v4. If the PRs are not going to be a one-click thing, then you are taking the risk to see people just silencing the bot and losing the benefit it provides to the community. If the patch is not going to apply it would be better to open an issue to inform the developer that v4 has been released and give them the option to unsubscribe from the notification (as can be done already). I appreciate all the work which is being put into this automation and I think it is a good idea: like many developers, I am not interested in the internal of the CI/CD pipeline, I just want it to work and forget about it, so making it easier to update is good. |
Uhm. No. Your repo, which you linked, has a dependabot config: You, or someone in your team, signed up for these. |
Thank you for this clarification, it looks like a case of copy and paste. Could I suggest to make it clear somewhere in the PR message that it is the reason why the update came as I could not figure it out easily. I wish you good continuation. |
Hi @thomas-mangin, Since the misunderstanding got resolved, I am going to close the issue. Feel free to continue the conversation. Cheers |
Description:
Dependabot attempted to update my python setup-action from version 3 to version 4.
The patch provided did break GitHub Actions and therefore can not be applied "as it".
Platform:
Runner type:
Tools version:
Python 3.7, 3.8, 3.9
Repro steps:
Exa-Networks/exabgp#1097
Expected behaviour:
A feeling of satisfaction pressing the "Merge pull request" and seeing everything update without having to think about how Github action works 😉
Actual behaviour:
The CI testing is failing:
Some checks were not successful
😢Hopefully this was the right way to report this.
The text was updated successfully, but these errors were encountered: