Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump guardian/actions-riff-raff from 2 to 4 #180

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 20, 2024

Bumps guardian/actions-riff-raff from 2 to 4.

Release notes

Sourced from guardian/actions-riff-raff's releases.

v4.0.0

Breaking changes

Migrating from v3 to v4

Prior to v4, workflows that used this action were required to assume the role necessary to upload artifacts to Riff-Raff, via configure-aws-credentials. This is no longer required, as this action does it for you. This has the benefit of hardening your workflows, as intermediate steps no longer have access to AWS credentials.

To migrate:

  1. Bump guardian/actions-riff-raff@v3 to guardian/actions-riff-raff@v4 in your workflow file.

  2. Add the required roleArn property under the with section of the guardian/actions-riff-raff@v4 action. This is typically stored as a secret that can be accessed via ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}.

  3. Remove the configure-aws-credentials step from your workflow, as it's no longer required.

[!NOTE] For the action to successfully assume the Riff-Raff role, you still need to include the following permission:

permissions:
  id-token: write
  # ...

What's Changed

New Contributors

Full Changelog: guardian/actions-riff-raff@v3...v4

v3.3.2

What's Changed

Full Changelog: guardian/actions-riff-raff@v3.3.1...v3.3.2

v3.3.1

... (truncated)

Commits
  • b2107fa Merge pull request #127 from guardian/aa/more-directed-error-handling
  • 323f02a feat: Handle Riff-Raff upload error, and PR commenting error separately
  • 8bedd7c Merge pull request #126 from guardian/aa/err-msg
  • fef9e33 fix: Improve feedback on S3 upload failure
  • 6420275 Fix link to topics docs
  • 25d3d0f Merge pull request #124 from guardian/jd-clearer-readme
  • fb8f83e clearer about gitHubToken
  • 3281a03 Merge pull request #123 from guardian/dependabot/npm_and_yarn/undici-5.28.4
  • 9621105 chore(deps): bump undici from 5.28.3 to 5.28.4
  • 6332d68 Merge pull request #114 from guardian/akash1810-patch-1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 20, 2024
@tomrf1
Copy link
Member

tomrf1 commented Sep 12, 2024

@dependabot rebase

Bumps [guardian/actions-riff-raff](https://github.com/guardian/actions-riff-raff) from 2 to 4.
- [Release notes](https://github.com/guardian/actions-riff-raff/releases)
- [Commits](guardian/actions-riff-raff@v2...v4)

---
updated-dependencies:
- dependency-name: guardian/actions-riff-raff
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/guardian/actions-riff-raff-4 branch from 618d6c9 to 085294c Compare September 12, 2024 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant