[pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments

pgjdbc/pgjdbc GitHub issues and pull requests (mirror)  
help / color / mirror / Atom feed

[pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments
6+ messages / 3 participants
[nested] [flat]

* [pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments
@ 2026-03-14 19:18 "vlsi (@vlsi)" <[email protected]>
  0 siblings, 0 replies; 6+ messages in thread

From: vlsi (@vlsi) @ 2026-03-14 19:18 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

Replace branch-style version comments (e.g. # v4) with full tag names (e.g. # v4.3.1) for all action references. Also add missing version comment for codecov/codecov-action and update provision-release-pgp-key to v1.0.0.

Currently renovate updates look like `chore(deps): update release-drafter/release-drafter digest to 6a93d82` which is not human-readable. If we use tag names like `v4.3.1`, then renovate would create PRs like `bump to v4.3.1` rather than `bump to 6a93d82`

^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: [pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments
@ 2026-03-15 11:51 ` "davecramer (@davecramer)" <[email protected]>
  4 siblings, 0 replies; 6+ messages in thread

From: davecramer (@davecramer) @ 2026-03-15 11:51 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

Having just gone through this with internal appsec, they are requesting using the SHA instead.

^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: [pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments
@ 2026-03-15 11:59 ` "vlsi (@vlsi)" <[email protected]>
  4 siblings, 0 replies; 6+ messages in thread

From: vlsi (@vlsi) @ 2026-03-15 11:59 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

Did they review the change?

^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: [pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments
@ 2026-03-15 14:36 ` "sehrope (@sehrope)" <[email protected]>
  4 siblings, 0 replies; 6+ messages in thread

From: sehrope (@sehrope) @ 2026-03-15 14:36 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

We already have the SHA in place. This is supposed to be just updating the comments to reflect the full version rather than just `v${MAJOR}`.

Except for this one:

```
diff --git a/.github/workflows/pgp-key-maintenance.yaml b/.github/workflows/pgp-key-maintenance.yaml
index 42bf3d3f..88b1e34d 100644
--- a/.github/workflows/pgp-key-maintenance.yaml
+++ b/.github/workflows/pgp-key-maintenance.yaml
@@ -8,7 +8,7 @@ permissions: read-all
 jobs:
   pgp-key-maintenance:
     name: PGP key maintenance
-    uses: vlsi/provision-release-pgp-key/.github/workflows/pgp-key-maintenance.yaml@47caa11d98dd9e897523af1f16532bf6152e8444 # v1
+    uses: vlsi/provision-release-pgp-key/.github/workflows/pgp-key-maintenance.yaml@7c6e3c4eb82ecdd18d1959f3f1a41af9ea0aac0e # v1.0.0
     secrets:
       RELEASE_PGP_SECRET_UPDATE_TOKEN: ${{ secrets.RELEASE_PGP_SECRET_UPDATE_TOKEN }}
       RELEASE_PGP_PRIVATE_KEY: ${{ secrets.RELEASE_PGP_PRIVATE_KEY }}
```

Why did the hash for that change?



^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: [pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments
@ 2026-03-15 15:04 ` "vlsi (@vlsi)" <[email protected]>
  4 siblings, 0 replies; 6+ messages in thread

From: vlsi (@vlsi) @ 2026-03-15 15:04 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

Because old sha was not tagged

^ permalink  raw  reply  [nested|flat] 6+ messages in thread

* Re: [pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments
@ 2026-03-15 22:02 ` "davecramer (@davecramer)" <[email protected]>
  4 siblings, 0 replies; 6+ messages in thread

From: davecramer (@davecramer) @ 2026-03-15 22:02 UTC (permalink / raw)
  To: pgjdbc/pgjdbc <[email protected]>

So apparently you can setup dependabot for the github actions as well

^ permalink  raw  reply  [nested|flat] 6+ messages in thread

end of thread, other threads:[~2026-03-15 22:02 UTC | newest]

Thread overview: 6+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2026-03-14 19:18 [pgjdbc/pgjdbc] PR #3963: chore: use full version tags in GitHub Actions comments "vlsi (@vlsi)" <[email protected]>
2026-03-15 11:51 ` "davecramer (@davecramer)" <[email protected]>
2026-03-15 11:59 ` "vlsi (@vlsi)" <[email protected]>
2026-03-15 14:36 ` "sehrope (@sehrope)" <[email protected]>
2026-03-15 15:04 ` "vlsi (@vlsi)" <[email protected]>
2026-03-15 22:02 ` "davecramer (@davecramer)" <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox