Thanks to visit codestin.com
Credit goes to github.com

Skip to content

ci: Update merge conflict labeler #28023

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 7, 2024
Merged

ci: Update merge conflict labeler #28023

merged 1 commit into from
Apr 7, 2024

Conversation

QuLogic
Copy link
Member

@QuLogic QuLogic commented Apr 4, 2024
edited
Loading

PR summary

This should fix the warning about deprecated nodejs.

Also, changing from the branch name to a tagged commit should be more stable, and I think will fix dependabot to start auto-updating this one.

PR checklist

@QuLogic
ci: Update merge conflict labeler
685f057 
This should fix the warning about deprecated nodejs.
@QuLogic
Copy link
Member Author

QuLogic commented Apr 4, 2024

Note also that this won't have any effect here because it runs on the pull_request_target trigger, and that doesn't use the PR contents for security reasons. But you can see this action running on my fork at https://github.com/QuLogic/matplotlib/actions/runs/8560979186

tacaswell
tacaswell reviewed Apr 4, 2024
View reviewed changes
.github/workflows/conflictcheck.yml
@@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check if PRs have merge conflicts
uses: eps1lon/actions-label-merge-conflict@releases/2.x
uses: eps1lon/actions-label-merge-conflict@e62d7a53ff8be8b97684bffb6cfbbf3fc1115e2e # v3.0.0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume using the hash for paranoia reasons?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, @matthewfeickert did this elsewhere for us in #26025.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's no real downside to using the hash, but for the record I generally only care about using it when it comes to supply chain security. I'll defer to you all on if https://github.com/eps1lon/actions-label-merge-conflict is critical enough to your infrastructure that it needs hashes or not (they will get autoupdated by Dependabot either way).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not super privileged, but it does have PR write permissions.

@dstansby dstansby added this to the v3.9.0 milestone Apr 7, 2024
@dstansby dstansby merged commit f799b00 into matplotlib:main Apr 7, 2024
meeseeksmachine pushed a commit to meeseeksmachine/matplotlib that referenced this pull request Apr 7, 2024
@dstansby @meeseeksmachine
Backport PR matplotlib#28023: ci: Update merge conflict labeler
a9e5ee3
@meeseeksmachine meeseeksmachine mentioned this pull request Apr 7, 2024
Merged
rcomer added a commit that referenced this pull request Apr 7, 2024
@rcomer
Merge pull request #28038 from meeseeksmachine/auto-backport-of-pr-28…
03c94a2 
…023-on-v3.9.x

Backport PR #28023 on branch v3.9.x (ci: Update merge conflict labeler)
@QuLogic QuLogic deleted the update-conflict-check branch April 7, 2024 23:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tacaswell tacaswell tacaswell approved these changes

@matthewfeickert matthewfeickert matthewfeickert left review comments

@dstansby dstansby dstansby approved these changes

Assignees
No one assigned
Labels
Maintenance
Projects
None yet
Milestone
v3.9.0
Development

Successfully merging this pull request may close these issues.
4 participants
@QuLogic @tacaswell @matthewfeickert @dstansby