stevedlawrence commented on code in PR #1413:
URL: https://github.com/apache/daffodil-vscode/pull/1413#discussion_r2345217777
##########
.github/workflows/documentaion.yml:
##########
@@ -23,6 +23,9 @@ on:
- "update/**" # scala-steward PRs/branches
pull_request:
types: [opened, edited, synchronize, reopened]
+ branches-ignore:
Review Comment:
Should this remove the `push` event so this is only triggered on
`pull_request` events? Otherwise the action will also be triggered when merged
into main, and that action won't have a PR body to inspect and will fail. You
can see that the latest commit merged into main failed because of that.
##########
.github/workflows/documentaion.yml:
##########
@@ -23,6 +23,9 @@ on:
- "update/**" # scala-steward PRs/branches
pull_request:
types: [opened, edited, synchronize, reopened]
+ branches-ignore:
+ - "dependabot/**" # dependabot PRs/branches
+ - "update/**" # scala-steward PRs/branches
jobs:
enforce-checkbox:
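Review bot: On the added `branches-ignore:` under `pull_request`, the filter is matched against the pull request's base (target) branch, not its head branch, so `"dependabot/**"` and `"update/**"` here will not skip dependabot or scala-steward PRs that target main. If the intent is to exempt those PRs from `enforce-checkbox`, consider a job-level `if:` condition that checks `github.head_ref` (or the PR author) instead, and state the intent in a comment next to it.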
Review Comment:
I noticed that this depends on `actions/github-script@v7`. It's good
practice (and recommended by ASF infra) to use commit hashes instead of tags so
they are pinned to a specific commit. Tags can change so updates could
accidentally break things, and it avoids potential issues if a repository is
compromised.
I'd suggest we open a ticket to update all the actions to use commit hashes.
Note that dependabot/scala-steward know how to update hashes and include a
comment about what tag is represented by the hash. See the
release-candidate.yml workflow or the workflows in daffodil or daffodil-sbt for
examples.
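A check for the pinning practice recommended in the review comment above, written as an added example that is not part of the original message or the project's workflows. The function name, the sample workflow, the `example-org/example-action` reference and the 40-character hash are constructed for illustration; only `actions/github-script@v7` comes from the comment.

```python
import re

# Matches `uses: owner/repo[/path]@ref`, with an optional list dash and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^@\s"'#]+)@([^\s"'#]+)""")
# Only a full 40-character commit SHA counts as a pin; tags, branches and
# abbreviated hashes are all reported.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned(workflow_text):
    """Return (line_no, action, ref) for each `uses:` not pinned to a full commit SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue  # not a `uses:` line, or a local action with no @ref
        action, ref = match.groups()
        # docker:// images are pinned by digest, not by Git commit; out of scope here.
        if action.startswith("docker://"):
            continue
        if not FULL_SHA_RE.match(ref):
            findings.append((line_no, action, ref))
    return findings


# Constructed sample workflow; the 40-character hash is a placeholder, not a real commit.
SAMPLE = """\
jobs:
  enforce-checkbox:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4 (placeholder hash)
      - uses: actions/github-script@v7
      - name: Short hashes are not accepted as pins
        uses: "example-org/example-action@0123456"
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for line_no, action, ref in find_unpinned(SAMPLE):
        print(f"line {line_no}: {action}@{ref} is not pinned to a full commit SHA")
```

Run over each file under `.github/workflows/`, a non-empty result can fail a CI job so that tag-based references are caught before merge.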