Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump setup-swift and re-configure dependabot #1560

Merged
merged 4 commits into from
Mar 6, 2023
Merged

Bump setup-swift and re-configure dependabot #1560

merged 4 commits into from
Mar 6, 2023

Conversation

angelapwen
Copy link
Contributor

@angelapwen angelapwen commented Mar 3, 2023
edited
Loading

Our Swift extractor is now using Swift v5.7.3, but our setup-swift version was pinned to a prior version that doesn't support v5.7.3, so our CI is failing.

This change bumps setup-swift to its most recent release commit SHA (https://github.com/swift-actions/setup-swift/releases/tag/v1.22.0).

It also adds a new entry to the dependabot.yml file because Dependabot should have bumped this version — setup-swift v1.22.0 was released two weeks ago and we run Dependabot checks weekly. Per the dependabot maintainers, the filepath needed is the root of the repo (/.github/workflows is specially cased under /).

We also add a comment reminding the next person who approves a Dependabot update to manually update the SHA in the CLI's CodeQL Action Integration Test. (Note that we should also replicate the logic of finding the appropriate Swift version in the CLI's integration test).

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
  • Confirm the changelog has been updated if necessary.

@angelapwen angelapwen requested a review from a team as a code owner March 3, 2023 21:13
adityasharad
adityasharad previously approved these changes Mar 3, 2023
View reviewed changes
.github/dependabot.yml
@@ -15,3 +15,7 @@ updates:
directory: "/"
schedule:
interval: weekly
- package-ecosystem: github-actions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps comment here why we need this separately from the / pattern above. I understand / to mean "repo root and .github/workflows` and any other subdir needs explicit inclusion?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that's correct 👍 will do

@angelapwen angelapwen enabled auto-merge (squash) March 3, 2023 21:29
@angelapwen angelapwen merged commit 6f079be into github:main Mar 6, 2023
@henrymercer henrymercer mentioned this pull request Mar 6, 2023
Merged
3 tasks
@github-actions github-actions bot mentioned this pull request Mar 10, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@henrymercer henrymercer henrymercer approved these changes

@adityasharad adityasharad Awaiting requested review from adityasharad

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@angelapwen @adityasharad @henrymercer