[WIP] github: protect the version of actions/checkout used in build-compat job by masatake · Pull Request #3894 · util-linux/util-linux

masatake · 2025-12-04T19:35:04Z

Updating action/checkout proposed by the dependabot has caused troubles:
5756e7b,
561f0bb, and
2af05e8.

This change places the original job in a separate file and adds that file to the exclude list.

masatake · 2025-12-04T19:40:05Z

The name looks too long.

masatake · 2025-12-04T20:48:59Z

I'm not sure what this should be.

karelzak · 2025-12-08T09:33:43Z

+    # update the versions in your source tree. If your actions are in
+    # a separate file, you can add that file to Dependabot's exclude
+    # list.
+    name: call with ${{ matrix.image }}


Why the name is not build ${{ matrix.image }} like we have in other places?

It seems the final name is created (merged) from both names, which means:
build-compat.yml:name / cibuild.yml:call-build-compat:name.

Maybe the cibuild.yml:call-build-compat:name does not have to be set at all. Did you try it?

If I don't set cibuild.yml:call-build-compat:name and set ${{ inputs.image }} to build-compat.yml:name, we get call-build-compat (ubuntu:18.04) / ubuntu:18.04 (pull_request). See the update commit.

karelzak · 2025-12-08T10:12:22Z

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/controlling-dependencies-updated

Would it be possible to use in .github/dependabot.yml

ignore:
  - dependency-name: "actions/checkout*"
  - versions: ["v1"]

But I'm absolutely not sure which part of the configuration is the dependency-name we need to address (maybe it's the 'name:` field in the actions). Dependbot supports an 'ignore:' option to exclude certain things, but ...

Updating action/checkout proposed by the dependabot has caused troubles: 5756e7b, 561f0bb, and 2af05e8. This change places the original job in a separate file and adds that file to the exclude list. Signed-off-by: Masatake YAMATO <yamato@redhat.com>

masatake · 2025-12-10T21:20:53Z

ignore:
  - dependency-name: "actions/checkout*"
  - versions: ["v1"]

OK. I will try the way that modifies only dependabot.yml file in my repository.

masatake changed the title ~~github: protect the build-compat job from dependabot~~ [WIP] github: protect the build-compat job from dependabot Dec 4, 2025

masatake force-pushed the ci--protect-build-compat-from-dependabot branch from 62d3a6d to 84379a8 Compare December 4, 2025 20:35

masatake changed the title ~~[WIP] github: protect the build-compat job from dependabot~~ github: protect the version of actions/checkout used in build-compat job Dec 4, 2025

masatake force-pushed the ci--protect-build-compat-from-dependabot branch from 84379a8 to 09325d5 Compare December 4, 2025 20:36

masatake marked this pull request as ready for review December 4, 2025 20:37

masatake force-pushed the ci--protect-build-compat-from-dependabot branch 3 times, most recently from 4180c47 to 0524919 Compare December 4, 2025 20:47

karelzak reviewed Dec 8, 2025

View reviewed changes

masatake force-pushed the ci--protect-build-compat-from-dependabot branch from 0524919 to c02d8ee Compare December 10, 2025 21:04

masatake force-pushed the ci--protect-build-compat-from-dependabot branch from c02d8ee to 14d9892 Compare December 10, 2025 21:07

masatake marked this pull request as draft December 10, 2025 21:21

masatake changed the title ~~github: protect the version of actions/checkout used in build-compat job~~ [WIP] github: protect the version of actions/checkout used in build-compat job Dec 10, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[WIP] github: protect the version of actions/checkout used in build-compat job#3894

[WIP] github: protect the version of actions/checkout used in build-compat job#3894
masatake wants to merge 1 commit into
util-linux:masterfrom
masatake:ci--protect-build-compat-from-dependabot

masatake commented Dec 4, 2025 •

edited

Loading

Uh oh!

masatake commented Dec 4, 2025

Uh oh!

masatake commented Dec 4, 2025

Uh oh!

karelzak Dec 8, 2025

Uh oh!

masatake Dec 10, 2025

Uh oh!

karelzak commented Dec 8, 2025

Uh oh!

masatake commented Dec 10, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

masatake commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

masatake commented Dec 4, 2025

Uh oh!

masatake commented Dec 4, 2025

Uh oh!

karelzak Dec 8, 2025

Choose a reason for hiding this comment

Uh oh!

masatake Dec 10, 2025

Choose a reason for hiding this comment

Uh oh!

karelzak commented Dec 8, 2025

Uh oh!

masatake commented Dec 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

masatake commented Dec 4, 2025 •

edited

Loading

masatake commented Dec 10, 2025 •

edited

Loading