Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 67e173cadb2fbd3de94f4a861e0c48c913b462ae to 6a93d829887aa2e0748befe2e808c66c0ec6e4c7.
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@67e173c...6a93d82)

---
updated-dependencies:
- dependency-name: release-drafter/release-drafter
  dependency-version: 6a93d829887aa2e0748befe2e808c66c0ec6e4c7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels

The following labels could not be found: Please fix the above issues or remove invalid values from
Jerry-Xin
left a comment
Summary: This PR is in scope for Mininglamp-OSS/.github; it updates the reusable Release Drafter workflow’s pinned action reference without changing workflow behavior.
🔴 Blocking: None.
💬 Non-blocking: None.
✅ Highlights:
- `.github/workflows/reusable-release-drafter.yml:23` keeps the action pinned to an immutable SHA, preserving the repository’s existing supply-chain hardening pattern.
- The old SHA is the annotated `v6`/`v6.4.0` tag object, and the new SHA is the peeled commit for that same tag, so there is no effective action-code behavior change.
- Permissions remain narrowly scoped to `contents: write` and `pull-requests: read`.
Validation performed: YAML parsing passed, git diff --check main...HEAD passed, and the upstream tag/object relationship was verified. Local actionlint was not installed, so I could not run it locally.
lml2468
left a comment
Review: PR #38 — chore(ci): bump release-drafter/release-drafter (v6 minor update)
Verdict: Safe Dependabot bump. LGTM ✅
Verification
- ✅ SHA `6a93d829887aa2e0748befe2e808c66c0ec6e4c7` confirmed — commit message "chore: release v6.4.0"
- ✅ CI green (actionlint + tab check pass)
- ✅ Same major version (v6), single location update in `reusable-release-drafter.yml:23`
Analysis
One-line SHA pin update. The old SHA was the annotated v6 tag object; the new SHA is the peeled v6.4.0 release commit. The workflow uses only config-name input + GITHUB_TOKEN env — no exotic features affected by the minor bump.
No blocking or non-blocking findings.
Reviewer: 齐静春 (qijingchun) — independent cross-review
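Both reviews rest on the difference between an annotated tag object and its peeled commit. The following is an added example, not code from this PR or from either reviewer: it classifies a pinned SHA against `git ls-remote --tags` output, where an annotated tag appears twice (the tag object, then a `^{}` line for the commit). The function names are hypothetical and the sample output is constructed from what the reviews state, not fetched.

```python
PEEL = "^{}"  # suffix git puts on the peeled (dereferenced) entry of an annotated tag

# Constructed sample, not fetched: the first two lines mirror the relationship the
# reviews report for v6.4.0; the third is a made-up lightweight tag (no ^{} line).
SAMPLE_LS_REMOTE = (
    "67e173cadb2fbd3de94f4a861e0c48c913b462ae\trefs/tags/v6.4.0\n"
    "6a93d829887aa2e0748befe2e808c66c0ec6e4c7\trefs/tags/v6.4.0^{}\n"
    "1111111111111111111111111111111111111111\trefs/tags/example-lightweight\n"
)

def parse_tags(ls_remote_text):
    """Return {tag: {"ref": sha, "peeled": sha or None}} from ls-remote text."""
    tags = {}
    for line in ls_remote_text.splitlines():
        sha, _, ref = line.strip().partition("\t")
        if not ref.startswith("refs/tags/"):
            continue  # skip blank lines, branches and malformed rows
        name = ref[len("refs/tags/"):]
        is_peeled = name.endswith(PEEL)
        if is_peeled:
            name = name[:-len(PEEL)]
        entry = tags.setdefault(name, {"ref": None, "peeled": None})
        entry["peeled" if is_peeled else "ref"] = sha.lower()
    return tags

def classify_pin(tags, sha):
    """Return sorted (tag, kind) pairs describing what object the pin names."""
    sha, hits = sha.lower(), []
    for name, entry in tags.items():
        if entry["peeled"] == sha:
            hits.append((name, "peeled-commit"))
        elif entry["ref"] == sha:
            kind = "tag-object" if entry["peeled"] else "lightweight-commit"
            hits.append((name, kind))
    return sorted(hits)

def same_code(tags, old_sha, new_sha):
    """True when both pins resolve to the same commit, i.e. no action-code change."""
    def commit_of(sha):
        sha = sha.lower()
        for entry in tags.values():
            if sha in (entry["ref"], entry["peeled"]):
                return entry["peeled"] or entry["ref"]
        return sha  # not a known tag: assume it is already a commit SHA
    return commit_of(old_sha) == commit_of(new_sha)
```

A pin that comes back empty from `classify_pin` matches no tag in the listing and needs to be checked against the repository history directly.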