CI: Group all GitHub Actions dependabot updates together #2985

Open
vdemeester wants to merge 1 commit into tektoncd:main from vdemeester:fix/dependabot-group-actions

Conversation

@vdemeester vdemeester commented Jul 3, 2026

Changes

Group all GitHub Actions dependency updates into a single PR per branch. This prevents version mismatches between related actions (e.g. github/codeql-action/init and github/codeql-action/analyze) that must be bumped together to work correctly.

Without grouping, dependabot creates separate PRs for init and analyze, and merging one without the other causes CI failures:

Loaded a configuration file for version '3.32.4', but running version '3.32.6'

This affects PRs on multiple release branches (e.g. #2983 + #2967 on release-v0.37.x, #2981 + #2980 on release-v0.44.x, #2982 + #2952 on release-v0.45.x).

Submitter Checklist

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

Release Notes

NONE

@tekton-robot tekton-robot added the release-note-none Denotes a PR that doesnt merit a release note. label Jul 3, 2026
@tekton-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from vdemeester after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 3, 2026
Group all GitHub Actions dependency updates into a single PR per
branch. This prevents version mismatches between related actions
(e.g. github/codeql-action/init and github/codeql-action/analyze)
that must be bumped together to work correctly.

Without grouping, dependabot creates separate PRs for init and
analyze, and merging one without the other causes CI failures:

  Loaded a configuration file for version '3.32.4', but running
  version '3.32.6'

Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
@vdemeester vdemeester force-pushed the fix/dependabot-group-actions branch from a9d1bf5 to 5d1bae3 Compare July 3, 2026 20:10
@tekton-robot tekton-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 3, 2026
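
An added example, not part of this pull request or the project's code: a small Python check that flags a workflow file in which actions from the same repository are pinned to different refs, the mismatch the PR description reports for github/codeql-action/init and github/codeql-action/analyze. The sample workflow is constructed, and the names `USES_RE`, `SAMPLE_WORKFLOW` and `find_mismatched_actions` are assumptions made for this example.

```python
import re
from collections import defaultdict

# Matches "uses: owner/repo[/subpath]@ref" in a workflow step.
# Local actions (./path) and docker:// references carry no owner/repo@ref
# form and are deliberately not matched.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+)((?:/[\w./-]+)?)@([^\s'\"#]+)",
    re.MULTILINE,
)

# Constructed sample workflow: init and analyze pinned to different releases,
# the state left behind when only one of two ungrouped update PRs is merged.
SAMPLE_WORKFLOW = """\
name: codeql
on: [push]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3.32.4
        with:
          languages: go
      - uses: github/codeql-action/analyze@v3.32.6
"""


def find_mismatched_actions(workflow_text):
    """Return {repo: {ref: [action paths]}} for repos used at more than one ref."""
    refs_by_repo = defaultdict(lambda: defaultdict(list))
    for repo, subpath, ref in USES_RE.findall(workflow_text):
        refs_by_repo[repo][ref].append(repo + subpath)
    return {
        repo: {ref: sorted(paths) for ref, paths in refs.items()}
        for repo, refs in refs_by_repo.items()
        if len(refs) > 1
    }


if __name__ == "__main__":
    for repo, refs in find_mismatched_actions(SAMPLE_WORKFLOW).items():
        print(f"{repo}: pinned to {len(refs)} different refs")
        for ref, paths in sorted(refs.items()):
            print(f"  {ref}: {', '.join(paths)}")
```

Run as a pre-merge check over each workflow file, this catches a half-applied update before CI fails on it.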