CodingPirates/blockly
1
0
Fork 0
mirror of https://github.com/google/blockly.git synced 2025-12-15 13:50:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dependabot/npm_and_yarn/npm_and_yarn-e303d5f884
blockly/.github/dependabot.yml
Ben Henning b5f2d576fa fix: Make the 'welcome new contributors' workflow run again (#9448) 
## The basics

- [x] I [validated my changes](https://developers.google.com/blockly/guides/contribute/core#making_and_verifying_a_change)

## The details
### Resolves

Fixes #9447

### Proposed Changes

Pin the `actions/first-interactions` action to v1.3.0 and update the input parameters. Configure Dependabot to no longer try to upgrade this version.

### Reason for Changes

There are three sets of failures being addressed here:
1. `v3.0.0` introduces a breaking changes by renaming the input names.
2. `v3.1.0` introduces a breaking change that somehow enforces `issue_message` being required which isn't being defined for Blockly (we only welcome on PRs). This hasn't been addressed by the action author so this PR pins to v3.0.0 to go back to a working version.\*
3. `v2` introduced a breaking behavioral change that caused all runs of the workflow to outright fail by not being compatible with `pull_request_target`.

\* Technically it was broken when upgraded in #9323 due to a warning (rather than error) enforcing the now-required parameters. That was hiding a failure introduced when upgraded in #9274 that outright broke the workflow due to it running with `pull_request_target`.

### Test Coverage

The team doesn't utilize automated tests for the workflow configurations themselves thus verifying them through running CI is sufficient.

https://github.com/BenHenning/blockly/pull/16#pullrequestreview-3400731300 demonstrates this passing and working correctly with a merged in version of this branch (since the workflow uses `pull_request_target` it cannot be verified in this PR's CI workflow) for a 'new' contributor (thanks for the help @rpbourret and @maribethb).

### Documentation

No documentation changes are needed for this workflow configuration change.

### Additional Information

Nothing to add that's not above or in the filed bug.
2025-10-30 10:53:35 -07:00

32 lines
1.0 KiB
YAML
Raw Permalink Blame History

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: 'npm' # See documentation for possible values
directory: '/' # Location of package manifests
target-branch: 'develop'
schedule:
interval: 'weekly'
commit-message:
prefix: 'chore(deps)'
labels:
- 'PR: chore'
- 'PR: dependencies'
- package-ecosystem: 'github-actions' # See documentation for possible values
directory: '/'
target-branch: 'develop'
schedule:
interval: 'weekly'
ignore:
# See notes in welcome_new_contributors.yml for details on this.
- dependency-name: 'actions/first-interaction'
versions: ['*']
commit-message:
prefix: 'chore(deps)'
labels:
- 'PR: chore'
- 'PR: dependencies'
Reference in New Issue View Git Blame Copy Permalink