Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

renovate: disable rollbackPrs #149

Merged
merged 1 commit into from
Jul 12, 2023
Merged

renovate: disable rollbackPrs #149

merged 1 commit into from
Jul 12, 2023

Conversation

Luap99
Copy link
Member

@Luap99 Luap99 commented Jul 12, 2023

Not sure why but the config change in commit 8f61a71 caused us to now
get rollback PRs for digest updates which is wrong and very noisy.
Let's keep them disabled for now and let Chris figure it out when he is
back.

@vrothberg @edsantiago PTAL again i.e. containers/podman#19206
This should not be created.

@Luap99
renovate: disable rollbackPrs
0e134f9 
Not sure why but the config change in commit 8f61a71 caused us to now
get rollback PRs for digest updates which is wrong and very noisy.
Let's keep them disabled for now and let Chris figure it out when he is
back.

Signed-off-by: Paul Holzinger <[email protected]>
vrothberg
vrothberg reviewed Jul 12, 2023
View reviewed changes
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Agreed, no rollbacks. We need commits.

@github-actions
Copy link

github-actions bot commented Jul 12, 2023
edited
Loading

Successfully triggered github-actions/success task to indicate successful run of cirrus-ci_retrospective integration and unit testing from this PR's 0e134f92437bd091e71b4ab99242135977770703.

@Luap99 Luap99 merged commit 6dc87f5 into containers:main Jul 12, 2023
9 checks passed
@Luap99 Luap99 deleted the renovate2 branch July 12, 2023 13:18
@Luap99
Copy link
Member Author

Luap99 commented Jul 12, 2023

confirmed containers/podman#18109 no longer shows planned rollbacks

@Luap99 Luap99 mentioned this pull request Jul 12, 2023
Closed
1 task
@cevich
Copy link
Member

cevich commented Aug 8, 2023

Finally catching up to this. As with #148 you did the right thing here under the circumstances. Rollbacks for golang have been basically broken for a long time now. The risk of getting one is probably low (though it has happened a few times), the complexity added to support SHA based updates (which we use a lot of) isn't worth it.

The main concern is over security issues (they happen) and accidental/broken releases (they happen less). Major security issues should (eventually) have a vulnerability alert issued (which will open it's own PR). So really we only need to watch out for accidental/broken releases (conmon had one). Those can be worked around with other config. options (as we did with conmon).

So overall 👍 nice job.

@mtrmac mtrmac mentioned this pull request Aug 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vrothberg vrothberg vrothberg left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Luap99 @cevich @vrothberg