Correct "setup-licensed" action ref in dependencies license check workflow #464
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…eck workflow This GitHub Actions action is used by the dependencies license check workflow to install the "Licensed" tool in the runner workspace. At the time the workflow was developed, the action was owned by GitHub user `jonabc`, and so the action was referenced as `jonabc/setup-licensed` in the workflow. Since that time, the action was transferred to the `github` GitHub organization. Making things more confusing is the fact that GitHub user `jonabc` now has a development fork of the `github/setup-licensed` repository, meaning that the redirect GitHub provides from the old to the new repository after a transfer does not exist for this action. This resulted in the workflow referencing an outdated copy of the action not intended for production use. The workflow is hereby updated to use the canonical "github/setup-licensed" action.
This "github/setup-licensed" action is used by the dependencies license check workflow to install the "Licensed" tool in the runner machine. Previously the `v1` major version ref of the action was specified in the workflow. This approach is used in order to allow the workflow to automatically always use the latest minor version of the action, only requiring the project maintainers to perform a bump of the action after each major version release. In a competently maintained action project, the major version ref will be updated after each release within that major version series so that it always points to the latest release version. Unfortunately that was not done by the "github/setup-licensed" action maintainers. This means that the use of the `v1` ref in the workflow causes an outdated version of the action to be used. This has been reported to the action maintainers, but unfortunately instead of fixing the problem they archived the repository, so there is no hope of it being resolved. The solution is to replace the major version ref with the ref for the latest release tag. This won't result in an increased maintenance burden because the action repository is archived and thus there won't be any bumps.
per1234
added
type: imperfection
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This GitHub Actions action is used by the "Check Go Dependencies" workflow to install the "Licensed" tool in the runner workspace. At the time the workflow was developed, the action was owned by GitHub user
jonabc, and so the action was referenced asjonabc/setup-licensedin the workflow.Since that time, the action was transferred to the
githubGitHub organization:https://github.com/github/setup-licensed
Making things more confusing is the fact that there is now a development fork of the
github/setup-licensedrepository under GitHub userjonabc's account, meaning that the redirect GitHub provides from the old to the new repository after a transfer does not exist for this action. This resulted in the workflow referencing an outdated copy of the action not intended for production use.The workflow is hereby updated to use the latest version of the canonical "github/setup-licensed" action.