pjfanning commented on code in PR #429:
URL: https://github.com/apache/pekko-management/pull/429#discussion_r2079170750


##########
.github/workflows/dependency-graph.yml:
##########
@@ -11,5 +11,5 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Install sbt
-        uses: sbt/setup-sbt@v1
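
Review bot: the unchanged context line `- uses: actions/checkout@v4`, directly above the `Install sbt` step, still references its action by a version tag, while the `uses: sbt/setup-sbt@v1` reference in the same step list is being replaced. If the aim of this change is to stop relying on version tags in this workflow, update the checkout reference in the same hunk as well, or state in the PR why it can stay on `@v4`.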

Review Comment:
   We have at least 1 dependabot generated PR in the apache/pekko repo but it 
just updates the SHA. I honestly think the comments, if added, will quickly 
become a burden to maintain and likely to not always be updated.
   
   This change is being forced on us by GitHub and ASF Infra team. In 
https://github.com/apache/infrastructure-actions, the versions are only allowed 
to Aug 1st. After that, versioned GitHub actions will stop working.
   
   I'm suggesting in 
https://github.com/apache/infrastructure-actions/issues/110, that we try to 
maintain comments there that link the SHAs to version tags.


