Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for github-actions updates every week #25075

Merged
merged 1 commit into from
Feb 16, 2023
Merged

Check for github-actions updates every week #25075

merged 1 commit into from
Feb 16, 2023

Conversation

arkq
Copy link
Contributor

@arkq arkq commented Feb 15, 2023

Problem

There is no automatic check for used github-actions updates. External actions might contain vulnerabilities, so it's better to keep track of any updates.

Changes

  • added dependabot config for github-actions
  • use only major version number for haya14busa/action-cond action constraint

@github-actions
Copy link

PR #25075: Size comparison from a6d2883 to 8a064d6

Full report (3 builds for k32w)
platform target config section a6d2883 8a064d6 change % change
k32w contact k32w0+release (read/write) 668916 668916 0 0.0
.bss 77644 77644 0 0.0
.data 2200 2200 0 0.0
.text 569960 569960 0 0.0
light k32w0+release (read/write) 667764 667764 0 0.0
.bss 77340 77340 0 0.0
.data 2188 2188 0 0.0
.text 569124 569124 0 0.0
lock k32w0+release (read/write) 624576 624576 0 0.0
.bss 75476 75476 0 0.0
.data 2132 2132 0 0.0
.text 544240 544240 0 0.0

@yufengwangca
Copy link
Contributor

Could you explain what this automatic check is used for?

@arkq
Copy link
Contributor Author

arkq commented Feb 15, 2023

It's a dependabot config for checking github action dependencies (actions referenced in uses:). See this: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

tl;dr; dependabot will raise PRs for actions which can be upgraded

@yufengwangca yufengwangca merged commit 09346fa into project-chip:master Feb 16, 2023
@arkq arkq deleted the gh-actions-dependabot branch February 16, 2023 18:36
lecndav pushed a commit to lecndav/connectedhomeip that referenced this pull request Mar 22, 2023
@arkq
Check for github-actions updates every week (project-chip#25075)
26fb27a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amitnj amitnj Awaiting requested review from amitnj

@andy31415 andy31415 Awaiting requested review from andy31415

@anush-apple anush-apple Awaiting requested review from anush-apple

@Byungjoo-Lee Byungjoo-Lee Awaiting requested review from Byungjoo-Lee

@carol-apple carol-apple Awaiting requested review from carol-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@chshu chshu Awaiting requested review from chshu

@chulspro chulspro Awaiting requested review from chulspro

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@dhrishi dhrishi Awaiting requested review from dhrishi

@electrocucaracha electrocucaracha Awaiting requested review from electrocucaracha

@emargolis emargolis Awaiting requested review from emargolis

@franck-apple franck-apple Awaiting requested review from franck-apple

@gjc13 gjc13 Awaiting requested review from gjc13

@harimau-qirex harimau-qirex Awaiting requested review from harimau-qirex

@harsha-rajendran harsha-rajendran Awaiting requested review from harsha-rajendran

@hawk248 hawk248 Awaiting requested review from hawk248

@jelderton jelderton Awaiting requested review from jelderton

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@jmeg-sfy jmeg-sfy Awaiting requested review from jmeg-sfy

@jtung-apple jtung-apple Awaiting requested review from jtung-apple

@kkasperczyk-no kkasperczyk-no Awaiting requested review from kkasperczyk-no

@ksperling-apple ksperling-apple Awaiting requested review from ksperling-apple

@lazarkov lazarkov Awaiting requested review from lazarkov

@lpbeliveau-silabs lpbeliveau-silabs Awaiting requested review from lpbeliveau-silabs

@LuDuda LuDuda Awaiting requested review from LuDuda

@mlepage-google mlepage-google Awaiting requested review from mlepage-google

@msandstedt msandstedt Awaiting requested review from msandstedt

@pjzander-signify pjzander-signify Awaiting requested review from pjzander-signify

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@saurabhst saurabhst Awaiting requested review from saurabhst

@selissia selissia Awaiting requested review from selissia

@tcarmelveilleux tcarmelveilleux Awaiting requested review from tcarmelveilleux

@tecimovic tecimovic Awaiting requested review from tecimovic

@tehampson tehampson Awaiting requested review from tehampson

@turon turon Awaiting requested review from turon

@vijs vijs Awaiting requested review from vijs

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@woody-apple woody-apple Awaiting requested review from woody-apple

@xylophone21 xylophone21 Awaiting requested review from xylophone21

@yunhanw-google yunhanw-google Awaiting requested review from yunhanw-google

@bzbarsky-apple bzbarsky-apple Awaiting requested review from bzbarsky-apple

@yufengwangca yufengwangca Awaiting requested review from yufengwangca

Assignees
No one assigned
Labels
review - approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arkq @yufengwangca @bzbarsky-apple