Renovate submitting a PR for digest update #643
@algomaster99 @khaes-kth The only surefire way I've found to make Renovate behave like we want (i.e. use digests but pin to tag versions) is to add a comment on each line specifying a GitHub Action like so:
The In Spoon, we get updates like this: INRIA/spoon#4304. That's optimal, because we get the security of pinning to a digest, and the stability of pinning to specific tag versions.
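A check for the convention described in the comment above, as an added example that is not part of the thread or of Renovate: it flags `uses:` lines in a workflow that reference a mutable tag or branch instead of a 40-character commit digest, and digest pins that lack a version comment. The accepted comment forms (a version-like token such as `v2.4.0` or `tag=v2.4.0`), the function name `audit_workflow`, the action `example-org/example-action`, and the sample workflow with its digests are assumptions constructed for illustration.

```python
import re

# `uses:` reference of the form owner/repo[/path]@ref, with an optional trailing comment.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[\w.-]+/[\w./-]+)@(?P<ref>[^\s'\"#]+)['\"]?"
    r"\s*(?:#\s*(?P<comment>.*))?$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumption: the trailing comment carries a version-like tag, e.g. "v2.4.0" or "tag=v2.4.0".
TAG_RE = re.compile(r"\bv?\d+(?:\.\d+){0,2}\b")

# Constructed sample workflow; the digests are placeholders, not real commits.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v2
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # tag=v2.4.0
      - uses: example-org/example-action@89abcdef0123456789abcdef0123456789abcdef
      - uses: ./local-action
"""

def audit_workflow(text):
    """Return (line_no, action, problem) for each remote action not digest-pinned with a tag comment."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a remote action reference (local path, docker image, other YAML)
        action, ref, comment = m["action"], m["ref"], m["comment"] or ""
        if not SHA_RE.match(ref):
            findings.append((no, action, f"mutable ref '{ref}' (tag or branch, not a commit digest)"))
        elif not TAG_RE.search(comment):
            findings.append((no, action, "digest pinned but no tag comment to track releases"))
    return findings

if __name__ == "__main__":
    for no, action, problem in audit_workflow(SAMPLE):
        print(f"line {no}: {action}: {problem}")
```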
Interesting. What do you think, @algomaster99? Should we give it a try?
@slarse I am not sure what this will do. Does pinning mean that Renovate will never update the action beyond the major version specified in the tag? I think we want Renovate to suggest an update whenever a commit is tagged (a new release is out).
Yes, I am just trying to understand how Renovate works. It is not clear to me what they say in the docs.
This is what happens. See for example INRIA/spoon#4316.
So maybe we should not configure it for sorald. I can manually pin all the actions. It's a one-time task anyway.
Renovate submitted a #624 for updating `actions/checkout` to the latest commit. Let us prevent that. I configured what @slarse did here, but I am unsure why it wouldn't work. I found a comment relevant to this issue. We could try it even though the comment could be dated (it was posted on Nov'18). The docs are a bit unclear because the options are just written in a list, and there is no explanation of how they are nested together.
EDIT: I found the schema: https://docs.renovatebot.com/renovate-schema.json.