Making the used Docker image sticky using the release number (#74)
jonasbn authored Dec 21, 2021
1 parent 4ffbfc7 commit 896f49a
Showing 3 changed files with 9 additions and 5 deletions.
6 changes: 5 additions & 1 deletion CHANGELOG.md
@@ -1,6 +1,10 @@
# Change Log for spellcheck-github-actions

## 0.19.0, 2021-12-18, security release , update recommended
## 0.20.0, 2021-12-21, bug fix release, update recommended version

- Made the version specified in the `action.yml` follow the version indicated in the repository. Apparently we where pointing to `latest`, which is good _when_ and _if_ we are backwards compatible and yes we are still in _alpha_ expressed semantically by the version numbers starting with `0` as in `0.20.0`. This would however allow for us to release breaking changes, without breaking a lot of workflows, which would fetch the _latest_ Docker image, which can be either _unstable_ or a major release

## 0.19.0, 2021-12-18, security release, update recommended

- Requirement [lxml](https://pypi.org/project/lxml/) updated from 4.6.3 to 4.6.5 via PR [#71](https://github.com/rojopolis/spellcheck-github-actions/pull/71) from @snyk-bot. This addresses a security, cross-site scripting vulnerability (XSS) in the [lxml](https://pypi.org/project/lxml/) library, see [SNYK-PYTHON-LXML-2316995](https://security.snyk.io/vuln/SNYK-PYTHON-LXML-2316995)
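
Review bot: in the new 0.20.0 entry, "Apparently we where pointing to `latest`" should read "were", and the heading ends in a stray "version" ("update recommended version") where the 0.19.0 heading just says "update recommended". The last sentence is also ambiguous: "This would however allow for us to release breaking changes, without breaking a lot of workflows" can be read as describing `latest`, while the clause after it describes what fetching `latest` does. Opening that sentence with "Pinning the image tag to the release" would make clear which behaviour is the fix.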

6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -44,7 +44,7 @@ jobs:
steps:
# The checkout step
- uses: actions/checkout@master
- uses: rojopolis/spellcheck-github-actions@0.19.0
- uses: rojopolis/spellcheck-github-actions@0.20.0
name: Spellcheck
```
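
Review bot: the context line directly above the changed one still shows `- uses: actions/checkout@master`, a branch ref that moves the same way `latest` did. Since this commit is about making the resolved version explicit, consider changing the README examples to a tagged release of `actions/checkout` in the same pass, so readers who copy the snippet get a fully pinned workflow.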
Expand Down Expand Up @@ -150,7 +150,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: rojopolis/spellcheck-github-actions@0.19.0
- uses: rojopolis/spellcheck-github-actions@0.20.0
name: Spellcheck
with:
config_path: config/.spellcheck.yml # put path to configuration file here
Expand Down Expand Up @@ -411,7 +411,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: rojopolis/spellcheck-github-actions@0.19.0
- uses: rojopolis/spellcheck-github-actions@0.20.0
name: Spellcheck
```
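
Review bot: this is the third README example where the literal `0.20.0` is bumped by hand, alongside `action.yml` and `CHANGELOG.md` in the same commit. Nothing visible here ties those values together, so a release that misses one leaves the documentation and the image tag out of step. A release checklist entry, or a CI check that compares the README `uses:` lines with the `image:` tag in `action.yml`, would catch that.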

2 changes: 1 addition & 1 deletion action.yml
Expand Up @@ -19,4 +19,4 @@ branding:
icon: type
runs:
using: docker
image: 'docker://jonasbn/github-action-spellcheck:latest'
image: 'docker://jonasbn/github-action-spellcheck:0.20.0'
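
Review bot: the new `image:` line pins to a registry tag, `:0.20.0`, and a tag can still be re-pushed, so it narrows the problem of `:latest` without making the image immutable. If the intent is that a given release of the action always runs the same image, a digest reference such as `docker://jonasbn/github-action-spellcheck@sha256:<digest>` (placeholder) is the form that guarantees it. Separately, the fix only reaches workflows that reference `@0.20.0` or later, because the `action.yml` at earlier tags still carries the `:latest` line removed here; a sentence in the CHANGELOG entry telling users they must bump would make that explicit.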

jonasbn May 19, 2023

Author Collaborator

Versions prior to 0.20.0 have a flaw: they are pointing to latest.

This is done in the code base of the action, so it is very implicit to the users. I am going to follow up with active projects and provide PRs to get these back on track, since latest is perhaps not the best approach; a more explicit (and correct) configuration would be more appropriate, like:

  • 0.32.0 (current at this time)
  • v0 canonical version for major version 0.X.X
