Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

renovate: disable rollbackPrs #149

Merged
merged 1 commit into from
Jul 12, 2023
Merged

renovate: disable rollbackPrs #149

merged 1 commit into from
Jul 12, 2023

Conversation

Luap99
Copy link
Member

@Luap99 Luap99 commented Jul 12, 2023

Not sure why but the config change in commit 8f61a71 caused us to now
get rollback PRs for digest updates which is wrong and very noisy.
Let's keep them disabled for now and let Chris figure it out when he is
back.

@vrothberg @edsantiago PTAL again i.e. containers/podman#19206
This should not be created.

Not sure why but the config change in commit 8f61a71 caused us to now
get rollback PRs for digest updates which is wrong and very noisy.
Let's keep them disabled for now and let Chris figure it out when he is
back.

Signed-off-by: Paul Holzinger <[email protected]>
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Agreed, no rollbacks. We need commits.

@github-actions
Copy link

github-actions bot commented Jul 12, 2023

Successfully triggered github-actions/success task to indicate successful run of cirrus-ci_retrospective integration and unit testing from this PR's 0e134f92437bd091e71b4ab99242135977770703.

@Luap99 Luap99 merged commit 6dc87f5 into containers:main Jul 12, 2023
@Luap99 Luap99 deleted the renovate2 branch July 12, 2023 13:18
@Luap99
Copy link
Member Author

Luap99 commented Jul 12, 2023

confirmed containers/podman#18109 no longer shows planned rollbacks

@cevich
Copy link
Member

cevich commented Aug 8, 2023

Finally catching up to this. As with #148 you did the right thing here under the circumstances. Rollbacks for golang have been basically broken for a long time now. The risk of getting one is probably low (though it has happened a few times), the complexity added to support SHA based updates (which we use a lot of) isn't worth it.

The main concern is over security issues (they happen) and accidental/broken releases (they happen less). Major security issues should (eventually) have a vulnerability alert issued (which will open it's own PR). So really we only need to watch out for accidental/broken releases (conmon had one). Those can be worked around with other config. options (as we did with conmon).

So overall 👍 nice job.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants