Tools automatic dependabot updates require validation of manifests #2643
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
After #2600 and #2636 have been merged dependabot will create dependency updates for tools defined in third_part/go.mod.
The problem is that changes to versions of those tools might entail changes in manifests e.g. all-in-one manifests.
In order to prevent diverging tools' versions and manifests (created by those tools) let's implement a mechanism that will automatically trigger manifests update in the same PR that the tool version bump is being done.
There is a mechanism in place already that will prevent the PRs that update either the tools or the manifests that would result in a diff when manifests are recreated so this types of PRs shouldn't get merged into
main.Proposed solution
The solution that will be implemented to solve this issue could utilize these Github Actions:
Please note that in order to trigger a subsequent workflow, a Personal Access Token has to be used (instead of
GITHUB_TOKENavailable in workflows) because only those can trigger a workflow run from another workflow. Docs documenting this use case: https://github.com/marketplace/actions/git-auto-commit#commits-made-by-this-action-do-not-trigger-new-workflow-runsThe text was updated successfully, but these errors were encountered: