From f9a0d04400fd60fce6a97519d55695a1f71b133a Mon Sep 17 00:00:00 2001 From: Jack Green Date: Mon, 18 Nov 2024 10:05:04 +0000 Subject: [PATCH] Replace (broken) `action-updater` workflow with Dependabot In https://github.com/hazelcast/hz-docs/pull/1024 an action was added to check GitHub Actions dependencies for updated versions, and raise PRs to fix if identified. This action [has been failing](https://github.com/hazelcast/hz-docs/actions/workflows/action-updater.yml) for 6 months due to a token issue. [Based on the PRs it _previously_ created](https://github.com/hazelcast/hz-docs/pull/1024), it's looks to have used a former users' token which has since lost permissions. Although [`github-actions-version-updater`] offers some additional functionality over Dependabot (e.g. updating via SHA), for _our_ configuration this isn't required. As such we can use Dependabot instead and require no such token configuration. Post-merge actions: - [ ] remove the `ACTION_UPDATER` secret --- .github/dependabot.yml | 6 ++++++ .github/workflows/action-updater.yml | 28 ---------------------------- 2 files changed, 6 insertions(+), 28 deletions(-) create mode 100644 .github/dependabot.yml delete mode 100644 .github/workflows/action-updater.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..5ace4600 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/action-updater.yml b/.github/workflows/action-updater.yml deleted file mode 100644 index 3540ea40..00000000 --- a/.github/workflows/action-updater.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: GitHub Actions Version Updater - -# Controls when the action will run. -on: - # can be used to run workflow manually - workflow_dispatch: - schedule: - # Automatically run on every Sunday - - cron: '0 0 * * 0' - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - # [Required] Access token with `workflow` scope. - token: ${{ secrets.ACTION_UPDATER }} - - - name: Run GitHub Actions Version Updater - uses: saadmk11/github-actions-version-updater@v0.8.1 - with: - # [Required] Access token with `workflow` scope. - token: ${{ secrets.ACTION_UPDATER }} - committer_username: 'serdaro' - commit_message: 'Review updated action versions' - pull_request_title: 'Updated action versions' \ No newline at end of file