
Dependabot generated patch to update python setup-action from v3 to v4 did not work 😱


Description:

Dependabot attempted to update my python setup-action from version 3 to version 4. The patch provided broke GitHub Actions and therefore cannot be applied “as is”.

Platform:

  • Ubuntu

Runner type:

  • Hosted

Tools version:

Python 3.7, 3.8, 3.9

Repro steps:

https://github.com/Exa-Networks/exabgp/pull/1097

Expected behaviour:

A feeling of satisfaction pressing the “Merge pull request” button and seeing everything update without having to think about how GitHub Actions works 😉

Actual behaviour:

The CI testing is failing: Some checks were not successful 😢

Hopefully this was the right way to report this.

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

1 reaction
sirosen commented, Jun 14, 2022

> @dmitry-shibanov I can do what you suggest, but I did not “subscribe” to dependabot PRs. I was quite happy to remain on v3, I was also very happy on v2 until the previous PR, which worked…
>
> These patches were pushed my way, I did not subscribe to them.

Uhm. No. Your repo, which you linked, has a dependabot config: https://github.com/Exa-Networks/exabgp/blob/f65df50b569a8fea409f885cddd4e20619c95cf3/.github/dependabot.yml#L1-L6

You, or someone in your team, signed up for these.

1 reaction
thomas-mangin commented, Jun 14, 2022

@dmitry-shibanov I can do what you suggest, but I did not “subscribe” to dependabot PRs. I was quite happy to remain on v3, I was also very happy on v2 until the previous PR, which worked…

These patches were pushed my way, I did not subscribe to them. To be transparent, the first time I saw the first PR, I felt it was a bit forceful as there was no option to limit the number of requests sent, and I got one, and another, and another, more or less one a day. AFAIK v2 was still supported and not at risk of being withdrawn, so there was no rush for me to update. I had to come back to the repo day after day when it would have been nice to perform all the updates at once.

Therefore, if there is an attempt to see developers embrace the bot, then the patches provided should apply without requiring any more work; otherwise it is not helping but causing “noise”, as I now have to close this PR, which does not do what it is supposed to achieve: make it easy for me to update to v4.

If the PRs are not going to be a one-click thing, then you are taking the risk that people just silence the bot and lose the benefit it provides to the community. If the patch is not going to apply, it would be better to open an issue to inform the developer that v4 has been released and give them the option to unsubscribe from the notification (as can be done already).

I appreciate all the work which is being put into this automation and I think it is a good idea: like many developers, I am not interested in the internals of the CI/CD pipeline, I just want it to work and forget about it, so making it easier to update is good.
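As an added example for readers who share the "one PR a day" complaint above (written for this page, not the exabgp project's own dependabot.yml, which the thread only links to), here is a Dependabot configuration for the github-actions ecosystem, the ecosystem that produces PRs such as the setup-python v3 to v4 bump. It uses a weekly schedule and the open-pull-requests-limit key to cap how many update PRs are open at once, and the groups key so that every action bump lands in a single PR; grouped updates did not exist when this thread was written. The group name "actions" is an arbitrary choice.

```yaml
# Added example, not the exabgp project's file: .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "github-actions"   # the ecosystem behind the setup-python v3 -> v4 PR
    directory: "/"                        # workflow files are found under .github/workflows from the repo root
    schedule:
      interval: "weekly"                  # batch bumps weekly instead of a PR per upstream release
    open-pull-requests-limit: 5           # cap on simultaneously open version-update PRs
    groups:
      actions:                            # group name is arbitrary (assumption)
        patterns:
          - "*"                           # every action bump goes into one combined PR
```

Batching does not remove the need to review each bump: a new major version of an action can change its inputs or defaults, which is exactly why the v4 PR in this thread failed CI before merge, and the action's code runs in the workflow with whatever secrets the job can reach. Pinning actions to a full commit SHA rather than a moving tag, with the version kept in a trailing comment so Dependabot can still track it, limits what a compromised upstream tag can do to your pipeline.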
