Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rebuild dist and release #157

Closed
jkroepke opened this issue Dec 20, 2022 · 7 comments
Closed

Rebuild dist and release #157

jkroepke opened this issue Dec 20, 2022 · 7 comments
Assignees
@mdgreenwald

Comments

@jkroepke
Copy link
Contributor

In #153 and #144 packages are upgrade without rebuilding dist/index.js. In fact, the source does not match the executed action js file.

Currently, I'm experiencing warnings like

The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

By updating @action/core to 1.10 should fix that issue, but it seems like dist/index.js still using an outdated dependency.
@mdgreenwald
Copy link
Owner

Hi @jkroepke , You are correct. I generally try to merge in updates to main over time and let them accumulate before cutting a release. The exception I make are security vulnerabilities and bug fixes, those I will usually cut a release for as soon as I am able.

@mdgreenwald mdgreenwald self-assigned this Dec 21, 2022
@mdgreenwald
Copy link
Owner

#159

@mdgreenwald
Copy link
Owner

@jkroepke https://github.com/mdgreenwald/mozilla-sops-action/releases/tag/v1.4.0

@schlomo
Copy link

schlomo commented Jan 3, 2023

Is there a way to make mdgreenwald/mozilla-sops-action@latest also work?

@mdgreenwald
Copy link
Owner

@schlomo Not consistently.

@schlomo
Copy link

schlomo commented Jan 4, 2023
edited
Loading

Can I suggest a completely different approach?

The problem I'm trying to solve is using latest SOPS without manual maintenance effort.

How about you start tracking the SOPS version in the version of the mdgreenwald/mozilla-sops-action action so that we can then use Dependabot to keep your action and SOPS up-to-date.

For example, mdgreenwald/[email protected] would denote version 1.4.0 of your action that defaults to install SOPS in version 3.7.3.

When SOPS releases a new version, e.g. 3.7.4, then you would also (automatically) update to mdgreenwald/[email protected] and Dependabot would be able to pick that up and offer me to update my workflows to the new release of SOPS.

Alternatively, unrelated to a new SOPS release you change something in this action then you would go and release a mdgreenwald/[email protected] version of this action. Again Dependabot would pick that up.

And finally, you could use a tag like v3 to denote SOPS v3 without caring about the details of SOPS minor/patch or the version of your action.

This way you might also circumvent the API rate limiting since this action would always query a pinned version of SOPS and not latest. Users who want to pin the SOPS version can do so if you provide a SOPS version tag, e.g. mdgreenwald/[email protected] and Dependabot would notify them of updates to the action.

What do you think @mdgreenwald?

@mdgreenwald
Copy link
Owner

I do not plan to change the tool in this way as it would be very limiting and would generate many versions. Instead I plan to fix the problematic API call, I merely need to find the time to do it. Alternatively as this is an Open Source project you are free to open a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mdgreenwald mdgreenwald

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@schlomo @jkroepke @mdgreenwald