Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

One specific GitHub Action is never updated #11149

Open
1 task done
baynezy opened this issue Dec 18, 2024 · 0 comments
Open
1 task done

One specific GitHub Action is never updated #11149

baynezy opened this issue Dec 18, 2024 · 0 comments
Labels
L: github:actions GitHub Actions T: bug 🐞 Something isn't working

Comments

@baynezy
Copy link

baynezy commented Dec 18, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

GitHub Actions

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
registries:
  nuget-code-artifact:
    type: nuget-feed
    url: https://REDACTED.d.codeartifact.eu-west-2.amazonaws.com/nuget/team-packages/v3/index.json
    username: aws
    password: ${{secrets.CODE_ARTIFACT_TOKEN_PRIVATE_REPOS}}
  
  private-github-actions:
    type: git
    url: https://github.com
    username: x-access-token
    password: ${{secrets.PRIVATE_GITHUB_ACTIONS_TOKEN}}
  
  tf-cloud:
    type: terraform-registry
    url: https://app.terraform.io
    token: ${{secrets.DEPENDABOT_TF_CLOUD}}
updates:
  - package-ecosystem: "nuget"
    directory: "/" # Location of package manifests
    registries:
      - nuget-code-artifact
    schedule:
      interval: "daily"
    labels:
      - "flag:dependencies"
    open-pull-requests-limit: 10
      
  - package-ecosystem: "github-actions"
    directory: "/" # Location of package manifests
    registries:
      - private-github-actions
    schedule:
      interval: "daily"
    labels:
      - "flag:dependencies"
  
  - package-ecosystem: "terraform"
    directory: "/deploy/bucket" # Location of package manifests
    registries: "*"
    schedule:
      interval: "daily"
    labels:
      - "flag:dependencies"
  
  - package-ecosystem: "terraform"
    directory: "/deploy/lambda" # Location of package manifests
    registries: "*"
    schedule:
      interval: "daily"
    labels:
      - "flag:dependencies"

Updated dependency

No response

What you expected to see, versus what you actually saw

I have a private repository in my organisation that I put my shared workflows in. These are used across many projects successfully.
I recently published a new tag version 1.0.0.8 of the repository.

Dependabot created a PR to update this. It updated every instance of each shared workflow except one. This has remained on the previous tag. This exact behaviour is replicated on every repository that uses these shared workflows.

I would expect that they all get updated at the same time.

Successfully updated workflow (blocked-issue.yml):

name: Blocked Issue Labeler

on:
  issues:
    types:
      - opened
      - edited
  issue_comment:
    types:
      - created
      - edited

jobs:
  update:
    uses: My-Org/Shared.Workflows/.github/workflows/[email protected]
    secrets: inherit

Unsuccessfully updated workflow (static-analysis.yml):

name: Static Analysis
on:
  push:
    branches:
      - develop
    paths:
      - 'src/**'
      - 'test/**'
      - '**.sln'
      - '.github/workflows/static-analysis.yml'
  pull_request:
    types: [opened, synchronize, reopened]
    paths:
      - 'src/**'
      - 'test/**'
      - '**.sln'
      - '.github/workflows/static-analysis.yml'
jobs:
  scan:
    if: ${{ github.actor != 'dependabot[bot]' }}
    uses: My-Org/Shared.Workflows/.github/workflows/[email protected]
    secrets: inherit
    with:
      project-name: 'Afterlife-Guide_AfterLife.Guide.Profile'
      test-filter: "Category!=LocalTest"
      has_integration_tests: true

If I run dependabot again it reports that this dependency is up to date.

updater | 2024/12/18 15:45:07 INFO <job_934922561> Checking if My-Org/Shared.Workflows 1.0.0.8 needs updating
  proxy | 2024/12/18 15:45:07 [078] GET [https://github.com:443/my-org/shared.workflows.git/info/refs?service=git-upload-pack](https://github.com/my-org/shared.workflows.git/info/refs?service=git-upload-pack)
  proxy | 2024/12/18 15:45:07 [078] 200 [https://github.com:443/my-org/shared.workflows.git/info/refs?service=git-upload-pack](https://github.com/my-org/shared.workflows.git/info/refs?service=git-upload-pack)
updater | 2024/12/18 15:45:07 INFO <job_934922561> Latest version is 1.0.0.8
updater | 2024/12/18 15:45:07 INFO <job_934922561> No update needed for My-Org/Shared.Workflows 1.0.0.8

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
@baynezy baynezy added the T: bug 🐞 Something isn't working label Dec 18, 2024
@github-actions github-actions bot added L: dart:pub Dart packages via pub L: dotnet:nuget NuGet packages via nuget or dotnet L: github:actions GitHub Actions L: go:modules Golang modules L: terraform Terraform packages labels Dec 18, 2024
@brettfo brettfo removed L: go:modules Golang modules L: terraform Terraform packages L: dotnet:nuget NuGet packages via nuget or dotnet L: dart:pub Dart packages via pub labels Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: github:actions GitHub Actions T: bug 🐞 Something isn't working
Projects
Dependabot
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brettfo @baynezy