Skip to content

✨ Mention renovatebot's settings#1575

Merged
laurentsimon merged 4 commits intoossf:mainfrom
laurentsimon:feat/renovdoc
Jan 31, 2022
Merged

✨ Mention renovatebot's settings#1575
laurentsimon merged 4 commits intoossf:mainfrom
laurentsimon:feat/renovdoc

Conversation

@laurentsimon
Copy link
Copy Markdown
Contributor

@laurentsimon laurentsimon commented Jan 31, 2022

Explicitly say that renovatebot can help migrate from version pinning to hash pinning via a setting.
See dependabot/dependabot-core#3699 (comment)

@laurentsimon laurentsimon requested a review from olivekl as a code owner January 31, 2022 19:28
@laurentsimon laurentsimon enabled auto-merge (squash) January 31, 2022 19:28
@laurentsimon laurentsimon temporarily deployed to integration-test January 31, 2022 19:28 Inactive
@laurentsimon laurentsimon temporarily deployed to integration-test January 31, 2022 19:29 Inactive
@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 31, 2022

Integration tests success for
[27d125a]
(https://github.com/ossf/scorecard/actions/runs/1774508844)

@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 31, 2022

Integration tests success for
[d28df6e]
(https://github.com/ossf/scorecard/actions/runs/1774505189)

naveensrinivasan
naveensrinivasan approved these changes Jan 31, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@naveensrinivasan naveensrinivasan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@naveensrinivasan naveensrinivasan temporarily deployed to integration-test January 31, 2022 22:22 Inactive
@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 31, 2022

Integration tests success for
[b3a64b8]
(https://github.com/ossf/scorecard/actions/runs/1775215169)

azeemshaikh38
azeemshaikh38 approved these changes Jan 31, 2022
View reviewed changes
Comment thread docs/checks/internal/checks.yaml
maintaining stable forks should evaluate whether this behavior is satisfactory
before turning it on.
- >-
Unlike dependabot, renovatebot has support to migrate dockerfiles' dependencies from version pinning to hash pinning
Copy link
Copy Markdown
Contributor

@azeemshaikh38 azeemshaikh38 Jan 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: might come across as if we are putting down dependabot. Consider changing to:

Renovatebot supports migrating Dockerfile dependencies from ...

Copy link
Copy Markdown
Contributor

@azeemshaikh38 azeemshaikh38 Jan 31, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought conversation resolution before merging should stop this PR from being merged, lol.

Copy link
Copy Markdown
Contributor Author

@laurentsimon laurentsimon Feb 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it should have!

@laurentsimon laurentsimon merged commit cbbfebb into ossf:main Jan 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olivekl olivekl Awaiting requested review from olivekl

2 more reviewers

@azeemshaikh38 azeemshaikh38 azeemshaikh38 approved these changes

@naveensrinivasan naveensrinivasan naveensrinivasan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@laurentsimon @naveensrinivasan @azeemshaikh38