@Marenz Marenz commented Nov 3, 2025

Use commit hash for frequenz-floss/dependabot-auto-approve action for better security and reproducibility.

Use commit hash for dependabot-auto-approve action for better
security and reproducibility.

Signed-off-by: Mathias L. Baumann <[email protected]>
Copilot AI review requested due to automatic review settings November 3, 2025 10:18
@Marenz Marenz requested a review from a team as a code owner November 3, 2025 10:18
@Marenz Marenz requested a review from shsms November 3, 2025 10:18
@github-actions github-actions bot added the part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) label Nov 3, 2025
Copilot AI left a comment

Pull Request Overview

This PR updates the GitHub Actions workflow to use a commit SHA reference instead of a semantic version tag for the Dependabot auto-approve action, while maintaining the version tag as a comment for reference.

  • Changed the action reference from a mutable tag (v1.3.0) to an immutable commit SHA (005e52004f5d5c6af2f81b89ec25e5cf6f3dfd77)
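
An added example, not part of this pull request or the project's code: a check that flags `uses:` references in a workflow file that point at a tag or branch instead of a full 40-character commit SHA. The workflow snippet is constructed around the action name, tag and SHA quoted above; `audit_workflow` is a hypothetical helper name.

```python
import re

# "uses: owner/repo[/path]@ref", optionally followed by a "# comment".
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[^@\s'\"]+)@(?P<ref>[^\s'\"#]+)['\"]?"
    r"\s*(?:#.*)?$"
)
# Only a full-length SHA-1 object name counts as an immutable reference.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (structure is illustrative, not the repo's file).
SAMPLE = """\
jobs:
  auto-approve:
    runs-on: ubuntu-latest
    steps:
      - uses: frequenz-floss/dependabot-auto-approve@v1.3.0
      - uses: frequenz-floss/dependabot-auto-approve@005e52004f5d5c6af2f81b89ec25e5cf6f3dfd77 # v1.3.0
      - uses: ./.github/actions/local-step
"""


def audit_workflow(text):
    """Return (line_no, action, ref, status) for each remote `uses:` reference."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a uses: line, or a local ./ action with no @ref
        action, ref = m.group("action"), m.group("ref")
        if action.startswith("docker://"):
            continue  # container images are pinned by digest, a separate check
        # Tags, branches and abbreviated SHAs can all be repointed or
        # shadowed later, so anything short of 40 hex characters is mutable.
        status = "pinned" if FULL_SHA_RE.match(ref) else "mutable"
        findings.append((line_no, action, ref, status))
    return findings


if __name__ == "__main__":
    for line_no, action, ref, status in audit_workflow(SAMPLE):
        print(f"line {line_no}: {action}@{ref} -> {status}")
```
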

@Marenz Marenz enabled auto-merge November 3, 2025 10:20
llucax commented Nov 3, 2025

I guess you have some script to spam any repo that doesn't have the latest version to create a PR with this title, but maybe rename the PR to "Update dependabot auto-merge workflow..."?

@llucax llucax changed the title Add Dependabot auto-merge workflow Update auto-merge workflow to use hashes Nov 3, 2025
@Marenz Marenz added this pull request to the merge queue Nov 3, 2025
llucax commented Nov 3, 2025

I did it myself.

Merged via the queue into frequenz-floss:v0.x.x with commit fbf292f Nov 3, 2025
12 checks passed
@Marenz Marenz deleted the add-dependabot-workflow branch November 3, 2025 10:26
Marenz commented Nov 3, 2025

> I guess you have some script to spam any repo that doesn't have the latest version to create a PR with this title, but maybe rename the PR to "Update dependabot auto-merge workflow..."?

I refined the instructions
