-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Checkout: Update all workflows to use Checkout V4 #2465
base: main
Are you sure you want to change the base?
Conversation
@@ -29,7 +29,7 @@ jobs: | |||
|
|||
runs-on: ubuntu-latest | |||
steps: | |||
- uses: actions/checkout@v2 | |||
- uses: actions/checkout@v4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Often such changes won't trigger conflicts as long as the changes are identical.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll go ahead and mark this resolved. 🔰 Sorry for the confusion.
TL;DR:
🙊 unfortunately my changes move this line while changing it so I was worried about it.
🩹 Luckily when I tested it locally there was no issue here (when merging yours before mine, only an unrelated rebase was needed)
Script used to test and confirm:
cd /tmp
git clone https://github.com/actions/starter-workflows.git
cd ./starter-workflows
# add your fork from PR 2465
git remote add -t bump-actions -m main jsoref https://github.com/jsoref/starter-workflows.git
# add my fork from PR 2497
git remote add -t patch-1 -m main reactive-firewall https://github.com/reactive-firewall/starter-workflows.git
# fetch local copies of the forks
git fetch --all
checkout bump-actions
checkout patch-1
checkout main
# rebase fork from PR 2465 (and resolve with mains copy)
git rebase main bump-actions
git checkout main -- deployments/google-cloudrun-docker.yml # this is not modified in my PR so exact resolution does not matter
git checkout main -- deployments/google-cloudrun-source.yml # this is not modified in my PR so exact resolution does not matter
git rebase --continue
# make sure we are on main (the target branch of both PRs)
git checkout main
git merge bump-actions main # works now with rebase
git merge patch-1 main # no conflict in code-scanning/bandit.yml :tada:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No worries and thanks for testing. I know that sometimes it works but didn't have the energy to do the testing myself.
It mostly doesn't matter, I'm very comfortable rebasing such changes and wouldn't mind doing so if someone from github said that they were ready to actually look at the PR and that it had conflicts.
0cd8a0e
to
7028539
Compare
@alexisabril is there a chance of someone looking this anytime soon? |
Workflows should be using checkout v4 (roughly https://github.com/actions/checkout/releases/tag/v4.0.0, plus later updates). It doesn't have breaking changes. A bunch of workflows in this repository are already using it. There's no reason to inconsistently use v3/v4.
Apparently I missed a couple in #2270
Pre-requisites
Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.
Tasks
For all workflows, the workflow:
.yml
file with the language or platform as its filename, in lower, kebab-cased format (for example,docker-image.yml
). Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").GITHUB_TOKEN
so that the workflow runs successfully.For CI workflows, the workflow:
ci
directory.ci/properties/*.properties.json
file (for example,ci/properties/docker-publish.properties.json
).push
tobranches: [ $default-branch ]
andpull_request
tobranches: [ $default-branch ]
.release
withtypes: [ created ]
.docker-publish.yml
).For Code Scanning workflows, the workflow:
code-scanning
directory.code-scanning/properties/*.properties.json
file (for example,code-scanning/properties/codeql.properties.json
), with properties set as follows:name
: Name of the Code Scanning integration.creator
: Name of the organization/user producing the Code Scanning integration.description
: Short description of the Code Scanning integration.categories
: Array of languages supported by the Code Scanning integration.iconName
: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in theicons
directory.push
tobranches: [ $default-branch, $protected-branches ]
andpull_request
tobranches: [ $default-branch ]
. We also recommend aschedule
trigger ofcron: $cron-weekly
(for example,codeql.yml
).Some general notes:
actions
organization, or