Add initial version of "Enhancements to referring to actions by commit hash" #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Vampire
suggested changes
May 23, 2025
| stored in the catalog are versioned by the major versions, so e.g. if a typing change is required because of a change in | ||
| the action between v1.0 and v1.1, it may be a breaking change for the Kotlin binding consumer. | ||
|
|
||
| To solve it, we could provide a way to freeze not only the action's commit has, but also the catalog typing's commit |
There was a problem hiding this comment.
Suggested change
| To solve it, we could provide a way to freeze not only the action's commit has, but also the catalog typing's commit | |
| To solve it, we could provide a way to freeze not only the action's commit hash, but also the catalog typing's commit |
|
|
||
| ```kotlin | ||
| @file:Repository("https://bindings.krzeminski.it") | ||
| @file:DependsOn("actions:checkout__commit:v4.1.2__85e6279cec87321a52edac9c87bce653a07cf6c2") |
There was a problem hiding this comment.
Suggested change
| @file:DependsOn("actions:checkout__commit:v4.1.2__85e6279cec87321a52edac9c87bce653a07cf6c2") | |
| @file:DependsOn("actions:checkout___commit:v4.1.2__85e6279cec87321a52edac9c87bce653a07cf6c2") |
two underscores is sub-action, three underscores is version significance
| ``` | ||
|
|
||
| Additionally, the bindings server would validate if the version ref (here: `v4.1.2`) points to the mentioned commit | ||
| hash. Thanks to the extra validation, the user an extra assurance than with the YAML approach - the version is for sure |
There was a problem hiding this comment.
Suggested change
| hash. Thanks to the extra validation, the user an extra assurance than with the YAML approach - the version is for sure | |
| hash. Thanks to the extra validation, the user has an extra assurance than with the YAML approach - the version is for sure |
|
|
||
| ```kotlin | ||
| @file:Repository("https://bindings.krzeminski.it") | ||
| @file:DependsOn("actions:checkout__commit_lenient:v4.1.2__85e6279cec87321a52edac9c87bce653a07cf6c2") |
There was a problem hiding this comment.
Suggested change
| @file:DependsOn("actions:checkout__commit_lenient:v4.1.2__85e6279cec87321a52edac9c87bce653a07cf6c2") | |
| @file:DependsOn("actions:checkout___commit_lenient:v4.1.2__85e6279cec87321a52edac9c87bce653a07cf6c2") |
|
|
||
| It's similar to the above approach, with these differences: | ||
| * the version is just used to add a comment in the YAML - no validation is performed | ||
| * the version is used to look up the typings in the catalog |
There was a problem hiding this comment.
This is not really a difference.
With both approaches the typings should be lookupable in the catalog as described if the commit does not have typing information.
| This mode is created to closer resemble how the YAML approach works. Because of no extra validation, it allows handling | ||
| certain edge cases, when the commit hash is intentionally out of sync with the version. For example: the version tag was | ||
| deleted because of a security vulnerability, and the user prefers to keep the action usage pinned to the commit hash to | ||
| keep the workflow working, as opposed to failing in the consistency check job. |
There was a problem hiding this comment.
Suggested change
| keep the workflow working, as opposed to failing in the consistency check job. | |
| keep the workflow working, as opposed to failing in the consistency check job. Or the user wants to use a newer hash with some fix that did not make it into a release yet. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See typesafegithub/github-workflows-kt#1691.