diff options
author | Takashi Kokubun <takashikkbn@gmail.com> | 2022-10-16 22:47:49 -0700 |
---|---|---|
committer | Takashi Kokubun <takashikkbn@gmail.com> | 2022-10-16 22:47:49 -0700 |
commit | b7de04d161726fbb277eaa95fb0d658dbb6a9536 (patch) | |
tree | 11b911fa28ab2ef72e5558792f1bb32d52624906 /.github/workflows | |
parent | bfc6c1f1cb7a2dd381688999d635e3532f35bfef (diff) |
Disable dependabot for auto-request-review for now
because you have to manually update the version tag comment.
It feels unsafe to trust third party git tags when you need to pass
MATZBOT_GITHUB_TOKEN to it. Git commit sha alone isn't human-readable
and I'm reluctant to remove the comment either. It doesn't seem worth
the effort to review changes for every release of this action.
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/auto_request_review.yml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/.github/workflows/auto_request_review.yml b/.github/workflows/auto_request_review.yml index d499a84d5a..8275927fd3 100644 --- a/.github/workflows/auto_request_review.yml +++ b/.github/workflows/auto_request_review.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Request review based on files changes and/or groups the author belongs to - uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.7.0, checking sha + uses: necojackarc/auto-request-review@b5e81876454003a4ccb9b89cb205c67d77d7035b # v0.8.0, checking sha with: # scope: public_repo token: ${{ secrets.MATZBOT_GITHUB_TOKEN }} |