Dependabot generated patch to update python setup-action from v3 to v4 did not work 😱 #435

Closed
2 tasks done
thomas-mangin opened this issue Jun 14, 2022 · 7 comments
Labels
bug Something isn't working

Comments

@thomas-mangin

Description:

Dependabot attempted to update my python setup-action from version 3 to version 4.
The patch provided did break GitHub Actions and therefore cannot be applied "as is".

Platform:

  • Ubuntu

Runner type:

  • Hosted

Tools version:

Python 3.7, 3.8, 3.9

Repro steps:

Exa-Networks/exabgp#1097

Expected behaviour:

A feeling of satisfaction pressing the "Merge pull request" and seeing everything update without having to think about how GitHub action works 😉

Actual behaviour:

The CI testing is failing: Some checks were not successful 😢

Hopefully this was the right way to report this.

@thomas-mangin thomas-mangin added bug Something isn't working needs triage labels Jun 14, 2022
@marko-zivic-93
Contributor

Hello @thomas-mangin
Thank you for your report. We will investigate this issue and come back to you as soon as we have some news :)

@dmitry-shibanov
Contributor

Hello @thomas-mangin. Thank you for your report. The logic for setup-python was changed, which is why you need to provide the python-version input explicitly. Besides, you can put a .python-version file in the root of your project or provide the python-version-file input explicitly.

@sirosen

sirosen commented Jun 14, 2022

Looks to me like a duplicate of #433, which I filed yesterday.

Is it inappropriate to suggest pinning that issue? I included the "quick fix" at the bottom which I bet will save plenty of people time and frustration.

@thomas-mangin
Author

@dmitry-shibanov I can do what you suggest, but, I did not "subscribe" to dependabot PRs. I was quite happy to remain on v3, I was also very happy on v2 until the previous PR, which worked...

These patches were pushed my way, I did not subscribe to them. To be transparent, the first time I saw the first PR, I felt it was a bit forceful as there was no option to limit the number of requests sent, and I got one, and another, and another, more or less one a day.
AFAIK v2 was still supported and not at risk of being withdrawn, so there was no rush for me to update. I had to come back to the repo day after day when it would have been nice to perform all the updates at once.

Therefore if there is an attempt to see developers embrace the bot, then the patches provided should apply without requiring any more work, otherwise, it is not helping but causing "noise" as I now have to close this PR which does not do what it is supposed to achieve: make it easy for me to update to v4.

If the PRs are not going to be a one-click thing, then you are taking the risk of seeing people just silencing the bot and losing the benefit it provides to the community. If the patch is not going to apply, it would be better to open an issue to inform the developer that v4 has been released and give them the option to unsubscribe from the notification (as can be done already).

I appreciate all the work which is being put into this automation and I think it is a good idea: like many developers, I am not interested in the internals of the CI/CD pipeline, I just want it to work and forget about it, so making it easier to update is good.

@sirosen

sirosen commented Jun 14, 2022

> @dmitry-shibanov I can do what you suggest, but, I did not "subscribe" to dependabot PRs. I was quite happy to remain on v3, I was also very happy on v2 until the previous PR, which worked...
>
> These patches were pushed my way, I did not subscribe to them.

Uhm. No. Your repo, which you linked, has a dependabot config:
https://github.com/Exa-Networks/exabgp/blob/f65df50b569a8fea409f885cddd4e20619c95cf3/.github/dependabot.yml#L1-L6

You, or someone in your team, signed up for these.

@thomas-mangin
Author

Thank you for this clarification, it looks like a case of copy and paste.

Could I suggest making it clear somewhere in the PR message that it is the reason why the update came, as I could not figure it out easily?

I wish you good continuation.

@panticmilos
Contributor

Hi @thomas-mangin,

Since the misunderstanding got resolved, I am going to close the issue. Feel free to continue the conversation.

Cheers
