DAOS-16872 cq: Bump isort/isort-action from 1.1.0 to 1.1.1 #15594
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [isort/isort-action](https://github.com/isort/isort-action) from 1.1.0 to 1.1.1. - [Release notes](https://github.com/isort/isort-action/releases) - [Changelog](https://github.com/isort/isort-action/blob/master/CHANGELOG.md) - [Commits](isort/isort-action@f14e57e...24d8a7a) --- updated-dependencies: - dependency-name: isort/isort-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
|
Stopped Jenkins CI since this only modifies GHA |
|
Ticket title is 'Dependabot GHA updates 2024-12-11' |
Skip-build: true Required-githooks: true Signed-off-by: Dalton Bohning <[email protected]>
daltonbohning
changed the title
Skip-build: true Required-githooks: true Signed-off-by: Dalton Bohning <[email protected]>
phender
previously approved these changes
Dec 11, 2024
.github/workflows/linting.yml
Outdated
Comment on lines
23
to
30
| - name: Checkout code | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| - name: Set up Python environment | ||
| uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | ||
| with: | ||
| python-version: '3' |
There was a problem hiding this comment.
Aren't these duplicating these lines below:
daos/.github/workflows/linting.yml
Lines 33 to 38 in e7ad8cb
There was a problem hiding this comment.
Yep :( Looks like I did a "copy" instead of "cut"
Skip-build: true Required-githooks: true Signed-off-by: Dalton Bohning <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| - uses: isort/isort-action@f14e57e1d457956c45a19c05a89cccdf087846e5 # v1.1.0 | ||
| - name: Install extra python packages | ||
| run: python3 -m pip install --requirement utils/cq/requirements.txt | ||
| - name: Run isort |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
There was a problem hiding this comment.
I'm not sure what this one is upset about. Maybe because it's python3 instead of 3.x?
There was a problem hiding this comment.
Ugh. They want us to use pip install --require-hashes, and then pin every SHA in the requirements file. Which e.g. would look like
flake8==7.1.1 --hash=sha256:597477df7860daa5aa0fdd84bf5208a043ab96b8e96ab708770ae0364dd03213
I think better to handle that separately since it's not just isort
There was a problem hiding this comment.
brianjmurrell
approved these changes
Dec 17, 2024
phender
approved these changes
Dec 20, 2024
daltonbohning
added
the
forced-landing
daltonbohning
deleted the
dependabot/github_actions/isort/isort-action-1.1.1
branch
daltonbohning
pushed a commit
that referenced
this pull request
Dec 20, 2024
- Bump github/codeql-action from 3.24.9 to 3.27.7 (#15589) - Bump github/codeql-action from 3.27.7 to 3.27.9 (#15618) - Bump thollander/actions-comment-pull-request from 2 to 3 (#15590) - Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 (#15591) - Bump codespell-project/actions-codespell to latest (#15592) - Bump EnricoMi/publish-unit-test-result-action from 1.17 to 2.7 (#15593) - Bump isort/isort-action from 1.1.0 to 1.1.1 (#15594) - Bump phoenix-actions/test-reporting from 10 to 15 (#15617) Skip-build: true Required-githooks: true Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Dalton Bohning <[email protected]> Signed-off-by: Brian J. Murrell <[email protected]> Signed-off-by: Dalton Bohning <[email protected]>
daltonbohning
pushed a commit
that referenced
this pull request
Jan 7, 2025
- Bump github/codeql-action from 3.24.9 to 3.27.7 (#15589) - Bump github/codeql-action from 3.27.7 to 3.27.9 (#15618) - Bump github/codeql-action from 3.27.9 to 3.28.0 (#15662) - Bump thollander/actions-comment-pull-request from 2 to 3 (#15590) - Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 (#15591) - Bump codespell-project/actions-codespell to latest (#15592) - Bump EnricoMi/publish-unit-test-result-action from 1.17 to 2.7 (#15593) - Bump EnricoMi/publish-unit-test-result-action from 2.7.0 to 2.18.0 (#15660) - Bump isort/isort-action from 1.1.0 to 1.1.1 (#15594) - Bump phoenix-actions/test-reporting from 10 to 15 (#15617) - Bump actions/setup-python from 5.1.0 to 5.3.0 (#15661) Run-GHA: true Test-tag: always_passes Required-githooks: true Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Dalton Bohning <[email protected]>
18 tasks
daltonbohning
added a commit
that referenced
this pull request
Jan 10, 2025
- Bump github/codeql-action from 3.24.9 to 3.27.7 (#15589) - Bump github/codeql-action from 3.27.7 to 3.27.9 (#15618) - Bump github/codeql-action from 3.27.9 to 3.28.0 (#15662) - Bump thollander/actions-comment-pull-request from 2 to 3 (#15590) - Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 (#15591) - Bump codespell-project/actions-codespell to latest (#15592) - Bump EnricoMi/publish-unit-test-result-action from 1.17 to 2.7 (#15593) - Bump EnricoMi/publish-unit-test-result-action from 2.7.0 to 2.18.0 (#15660) - Bump isort/isort-action from 1.1.0 to 1.1.1 (#15594) - Bump phoenix-actions/test-reporting from 10 to 15 (#15617) - Bump actions/setup-python from 5.1.0 to 5.3.0 (#15661) Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Dalton Bohning <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps isort/isort-action from 1.1.0 to 1.1.1.
Release notes
Sourced from isort/isort-action's releases.
Changelog
Sourced from isort/isort-action's changelog.
... (truncated)
Commits
24d8a7aRelease v1.1.1 (#100)e6ee1f2Capture both stdout and stderr of isort command (#99)314ebe9Support running on MacOS Runners (#98)abb0df9Update versions (#97)3e10211Install packages in a virtualenv (#96)f5c0654Bump mvdan/shfmt from v3.8.0 to v3.9.0 in /.github/linting (#92)652dde0Update docker compose command (#93)e2c21acBump koalaman/shellcheck from v0.9.0 to v0.10.0 in /.github/linting (#89)5cb63b9Bump yamllint from 1.35.0 to 1.35.1 in /.github/linting (#88)5a0af1dBump yamllint from 1.34.0 to 1.35.0 in /.github/linting (#87)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)