Skip to content

Disable validation for dependabot#23

Closed
crazy-max wants to merge 2 commits intodocker:masterfrom
crazy-max:master
Closed

Disable validation for dependabot#23
crazy-max wants to merge 2 commits intodocker:masterfrom
crazy-max:master

Conversation

@crazy-max
Copy link
Copy Markdown
Member

@crazy-max crazy-max commented Sep 24, 2020
edited
Loading

Ref. https://github.com/docker/setup-buildx-action/runs/1161567962?check_suite_focus=true#step:3:160
Dependabot can't update index.js by itself. I remove this validation for now.
Or maybe we could skip this job if triggered by Dependabot?

Signed-off-by: CrazyMax crazy-max@users.noreply.github.com

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Sep 24, 2020
edited
Loading

Codecov Report

Merging #23 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master      #23   +/-   ##
=======================================
  Coverage   77.39%   77.39%           
=======================================
  Files           5        5           
  Lines         115      115           
  Branches       20       20           
=======================================
  Hits           89       89           
  Misses         19       19           
  Partials        7        7

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cf09c5c...5f99da7. Read the comment docs.

@tonistiigi
Copy link
Copy Markdown
Member

tonistiigi commented Sep 24, 2020

I'm not sure why we would ever want the repo to be in an inconsistent state. If index.js is not updated people will get the wrong version so it is even worse than having an older dependency in package.json.

@tonistiigi
Copy link
Copy Markdown
Member

tonistiigi commented Sep 24, 2020

If dependabot can't actually update dependencies correctly then isn't the correct workflow to let it open a PR and if it fails validation then fix it manually before merging. (Could be automated of course but don't think all this is worth it).

@crazy-max
Disable validation for dependabot
f189bae 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
@crazy-max
Update generated content
5f99da7 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
@crazy-max crazy-max changed the title Disable yarn validation Disable validation for dependabot Sep 24, 2020
@crazy-max
Copy link
Copy Markdown
Member Author

crazy-max commented Sep 24, 2020
edited
Loading

@tonistiigi

If dependabot can't actually update dependencies correctly then isn't the correct workflow to let it open a PR and if it fails validation then fix it manually before merging. (Could be automated of course but don't think all this is worth it).

Auto merging to a Dependabot PR can break the underlying workflow used by GitHub for Dependabot unfortunately.

I've updated this PR to only disable the "validate" target if the event is triggered by Dependabot for now.

@crazy-max
Copy link
Copy Markdown
Member Author

crazy-max commented Sep 28, 2020

@tonistiigi I close this PR. When there are new updates to Dependabot we will update the content generated in case of an error directly on the branch created by Dependabot.

@crazy-max crazy-max closed this Sep 28, 2020
@crazy-max crazy-max mentioned this pull request Sep 28, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi Awaiting requested review from tonistiigi

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@crazy-max @codecov-commenter @tonistiigi