Incomplete dependency name on github-actions ecosystem #10605

Open
1 task done
SimonMarquis opened this issue Sep 14, 2024 · 0 comments
Labels
L: github:actions GitHub Actions L: java:gradle Maven packages via Gradle T: bug 🐞 Something isn't working

Comments

@SimonMarquis

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

GitHub Actions

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

Standard configuration:

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

Updated dependency

Bump gradle/actions from 4.0.1 to 4.1.0 in /.github/workflows
Bumps [gradle/actions](https://github.com/gradle/actions) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](https://github.com/gradle/actions/compare/16bf8bc8fe830fa669c3c9f914d3eb147c629707...d156388eb19639ec20ade50009f3d199ce1e2808)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

What you expected to see, versus what you actually saw

gradle/actions contains multiple actions:

Unfortunately, dependabot will use the repository name in place of the actual dependency name.
For example, in this PR commit: SimonMarquis/SealedObjectInstances@9240b25
it incorrectly mentions gradle/actions instead of gradle/actions/dependency-submission, which can be misleading.

I would expect dependabot to explicitly mention the complete dependency name it updates.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

SimonMarquis/SealedObjectInstances#278

Smallest manifest that reproduces the issue

No response

@SimonMarquis SimonMarquis added the T: bug 🐞 Something isn't working label Sep 14, 2024
@github-actions github-actions bot added L: github:actions GitHub Actions L: java:gradle Maven packages via Gradle labels Sep 14, 2024
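A reviewer-side check for the situation reported above, as an added example that is not part of the original issue or of Dependabot's code: it reads the `uses:` lines of a workflow and lists the full action name behind each repository, so a commit message that only says `gradle/actions` can be matched to the action that actually changed. The workflow text is constructed for illustration (the two commit refs are the ones in the compare link above; `setup-gradle`, the local step and the Docker image are assumed sample entries).

```python
import re
from collections import defaultdict

# Constructed sample workflow; the two gradle/actions refs come from the
# compare link in the commit message quoted in the issue.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
      - name: Submit dependency graph
        uses: gradle/actions/dependency-submission@d156388eb19639ec20ade50009f3d199ce1e2808
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

USES_LINE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
REMOTE_REF = re.compile(r"^([^/@\s]+/[^/@\s]+)((?:/[^@\s]+)?)@(\S+)$")

def parse_uses(value):
    # Local (./) and docker:// references have no owner/repo to report.
    m = None if value.startswith(("./", "docker://")) else REMOTE_REF.match(value)
    if m is None:
        return None
    repo, subpath, ref = m.groups()
    return {"repository": repo, "action": repo + subpath, "ref": ref}

def actions_by_repository(workflow_text):
    # Map each repository to {full action name: pinned ref}.
    grouped = defaultdict(dict)
    for line in workflow_text.splitlines():
        m = USES_LINE.match(line)
        parsed = parse_uses(m.group(1)) if m else None
        if parsed:
            grouped[parsed["repository"]][parsed["action"]] = parsed["ref"]
    return {repo: dict(actions) for repo, actions in grouped.items()}

def ambiguous_repositories(workflow_text):
    # Repositories whose name alone does not identify the action in use.
    grouped = actions_by_repository(workflow_text)
    return sorted(r for r, acts in grouped.items() if any(a != r for a in acts))

if __name__ == "__main__":
    for repo, actions in actions_by_repository(SAMPLE_WORKFLOW).items():
        for name, ref in actions.items():
            print(f"{repo:18} {name:40} {ref}")
```
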