renovate: Configure minor Actions version bumps#49456
Merged
Merged
Conversation
This is a followup to #49337. In that PR, QualityOps pinned all non-GitHub actions with shas. They were going to set up Dependabot to create update PRs, but as we use Renovate we'd rather configure that to do it instead. I intentionally left out the creation of a grouped-update for major version bumps. It seems likely those will need closer attention, so I think it's probably better to have separate PRs for those.
Contributor
|
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 Follow this PR Review Process:
If you have questions about anything, reach out in #jetpack-developers for guidance! |
tbradsha
approved these changes
Jun 8, 2026
tbradsha
left a comment
Contributor
There was a problem hiding this comment.
Looks good to me, and glad to see the version number is added as a comment. Thanks!
anomiex
added a commit
that referenced
this pull request
Jun 11, 2026
PR #49456 set up renovate to pin all actions except `actions/*`. It has now come out that they intend to turn on GitHub's "require actions to be pinned" setting, which does not make an exception for those. We may as well get ahead of things and update renovate now.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed changes
This is a followup to #49337. In that PR, QualityOps pinned all non-GitHub actions with shas. They were going to set up Dependabot to create update PRs, but as we use Renovate we'd rather configure that to do it instead.
I intentionally left out the creation of a grouped-update for major version bumps. It seems likely those will need closer attention, so I think it's probably better to have separate PRs for those.
Related product discussion/links
None linkable
Does this pull request change what data or activity we track or use?
No
Testing instructions