Skip to content

CI: Group all GitHub Actions dependabot updates together#2985

Merged
tekton-robot merged 1 commit into
tektoncd:mainfrom
vdemeester:fix/dependabot-group-actions
Jul 6, 2026
Merged

CI: Group all GitHub Actions dependabot updates together#2985
tekton-robot merged 1 commit into
tektoncd:mainfrom
vdemeester:fix/dependabot-group-actions

Conversation

@vdemeester

@vdemeester vdemeester commented Jul 3, 2026

Copy link
Copy Markdown
Member

Changes

Group all GitHub Actions dependency updates into a single PR per branch. This prevents version mismatches between related actions (e.g. github/codeql-action/init and github/codeql-action/analyze) that must be bumped together to work correctly.

Without grouping, dependabot creates separate PRs for init and analyze, and merging one without the other causes CI failures:

Loaded a configuration file for version '3.32.4', but running version '3.32.6'

This affects PRs on multiple release branches (e.g. #2983 + #2967 on release-v0.37.x, #2981 + #2980 on release-v0.44.x, #2982 + #2952 on release-v0.45.x).

Submitter Checklist

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

Release Notes

NONE

@tekton-robot tekton-robot added the release-note-none Denotes a PR that doesnt merit a release note. label Jul 3, 2026
@tekton-robot tekton-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 3, 2026
Group all GitHub Actions dependency updates into a single PR per
branch. This prevents version mismatches between related actions
(e.g. github/codeql-action/init and github/codeql-action/analyze)
that must be bumped together to work correctly.

Without grouping, dependabot creates separate PRs for init and
analyze, and merging one without the other causes CI failures:

  Loaded a configuration file for version '3.32.4', but running
  version '3.32.6'

Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
@vdemeester vdemeester force-pushed the fix/dependabot-group-actions branch from a9d1bf5 to 5d1bae3 Compare July 3, 2026 20:10
@tekton-robot tekton-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 3, 2026
@chmouel

chmouel commented Jul 6, 2026

Copy link
Copy Markdown
Member

/approve

@tekton-robot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chmouel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 6, 2026
@pratap0007

Copy link
Copy Markdown
Contributor

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 6, 2026
@tekton-robot tekton-robot merged commit 8d41e8d into tektoncd:main Jul 6, 2026
18 of 20 checks passed
@vdemeester vdemeester deleted the fix/dependabot-group-actions branch July 6, 2026 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesnt merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants