run dependency review only on pull requests #1443

Merged
merged 2 commits into from
May 7, 2024

Conversation

rtpascual
Contributor

@rtpascual rtpascual commented May 7, 2024

Problem

dependency-review-action is meant to only run on pull requests; when pushing, it fails with https://github.com/aws-amplify/amplify-backend/actions/runs/8977249446/job/24655630829#step:3:6.

Issue number, if available:

Changes

  • Have dependency-review-action run only on pull requests
  • Pin dependency-review-action to a specific commit hash for the current latest version 4.3.2

Corresponding docs PR, if applicable:

Validation

PR checks

Checklist

  • If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
  • If this PR requires a change to the Project Architecture README, I have included that update in this PR.
  • If this PR requires a docs update, I have linked to that docs PR above.
  • If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@rtpascual rtpascual requested review from a team as code owners May 7, 2024 00:06

changeset-bot bot commented May 7, 2024

🦋 Changeset detected

Latest commit: 9c63140

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


contents: read

jobs:
dependency-review:
Member

Why not this

if: github.event_name == 'pull_request'
?

Contributor

Since this job doesn't depend on any other steps, it's probably fine as a separate workflow. But yeah, this could also work

Contributor Author

@rtpascual rtpascual May 7, 2024

We can do that too, I assumed every check in health_checks follows this

    push:
      branches:
        - main
        - hotfix
    pull_request:
      branches:
        - main
        - hotfix
        - feature/**
    workflow_dispatch:
as that line seems easy to miss (which is very true in my case since I didn't see that line).

I added dependency review back and added the if line.

edwardfoyle
edwardfoyle previously approved these changes May 7, 2024
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0
- name: Dependency Review
uses: actions/dependency-review-action@v4
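Review bot: The Dependency Review step references actions/dependency-review-action@v4, a mutable tag, while the Checkout step just above it is pinned to a full commit SHA with a version comment. Pin this step the same way (full 40-character commit SHA followed by a "# version x.y.z" comment) so the code that runs here cannot change without a visible diff in this file.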
Contributor

why don't we use the commit hash here?

Contributor Author

I don't have a strong opinion; we can do it just like what we do with checkout. Seems like only flutter does this and does not use a commit hash https://github.com/search?q=org%3Aaws-amplify%20dependency-review-action&type=code

@rtpascual rtpascual changed the title separate dependency review to a separate workflow run dependency review only on pull requests May 7, 2024
@rtpascual rtpascual merged commit 80a4a10 into main May 7, 2024
34 checks passed
@rtpascual rtpascual deleted the separate-dependency-review branch May 7, 2024 02:35