Skip to content

β¬†οΈπŸ‘¨β€πŸ’» Pin dependencies #761

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
denialhaag merged 1 commit into from
Sep 8, 2025
Merged

β¬†οΈπŸ‘¨β€πŸ’» Pin dependencies #761

denialhaag merged 1 commit into from
Sep 8, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 6, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/attest-build-provenance action pinDigest -> 977bb37
actions/create-github-app-token action pinDigest -> a8d6161
actions/download-artifact action pinDigest -> 634f93c
munich-quantum-toolkit/workflows action pinDigest -> d42342e
release-drafter/release-drafter action pinDigest -> b1476f6

Configuration

πŸ“… Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ‘» Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies Pull requests that update a dependency file github-actions labels Sep 6, 2025
@github-project-automation github-project-automation bot moved this to In Progress in MQT Compilation Sep 6, 2025
@burgholzer
Copy link
Member

burgholzer commented Sep 6, 2025

@denialhaag just a general observation that also holds for other repositories: can we use these PRs (or any other PRs that update workflow digests) to explicitly add the full version to each of these dependencies (instead of the moving tags)? This creates much nicer update PRs and also enables automerge opportunities.

@renovate renovate bot force-pushed the renovate/pin-dependencies branch from d803226 to 617e036 Compare September 6, 2025 09:53
@denialhaag
Copy link
Member

denialhaag commented Sep 6, 2025

@denialhaag just a general observation that also holds for other repositories: can we use these PRs (or any other PRs that update workflow digests) to explicitly add the full version to each of these dependencies (instead of the moving tags)? This creates much nicer update PRs and also enables automerge opportunities.

Sure! I'll keep that in mind!

@renovate
β¬†οΈπŸ‘¨β€πŸ’» Pin dependencies
73efceb 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 617e036 to 73efceb Compare September 8, 2025 10:31
@denialhaag
Copy link
Member

denialhaag commented Sep 8, 2025

We are now using the pinGitHubActionDigestsToSemver helper. It looks like Renovate wants to create one PR per dependency to correct the comment. I'm merging this now and will let Renovate put the comments.

@denialhaag denialhaag enabled auto-merge (squash) September 8, 2025 10:35
@denialhaag denialhaag merged commit c19fd66 into main Sep 8, 2025
42 checks passed
@denialhaag denialhaag deleted the renovate/pin-dependencies branch September 8, 2025 11:59
@github-project-automation github-project-automation bot moved this from In Progress to Done in MQT Compilation Sep 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@denialhaag denialhaag denialhaag approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github-actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@burgholzer @denialhaag