I've see a v6.6.6 tag on this repo that looks accidental. It points at 7d96d52 (a 2019 commit titled "condition"), it's the only 6.x tag in a repo that's otherwise on 1.x/2.x, and there's no Release attached to it.
It creates this issue: Dependabot in the downstream plugin repos that pin uses: SignalK/signalk-server/.github/workflows/plugin-ci.yml@ sees v6.6.6 as the "latest" and keeps proposing to upgrade everyone to it. Since it's not a real release, those are phantom bumps.
See fallout: https://github.com/sailingnaturali/signalk-dsc/blob/056bfe0d300365f9c45f0c2f717577a0e62fcb2b/.github/dependabot.yml#L15-L19
And (side note) this type of workflow should be recommended to all plugin authors such that they pickup changes in your central workflow.
https://github.com/sailingnaturali/signalk-dsc/blob/main/.github/dependabot.yml
Nothing on fire, just wanted to flag it before more repos pick it up.
The cleanup doesn't need a force-push or any history rewrite. Since it's just a bogus tag (not a real cut on the wrong commit), deleting the tag is non-destructive, deleting a ref isn't a force update and it makes the Dependabot suggestions disappear at the source:
This would do it:
git push origin :refs/tags/v6.6.6
(No Release to clean up, since none was created. Only possible catch is tag-protection rules, if any are set then it needs a maintainer with delete perms.)
Much Thanks! 🙏
I've see a v6.6.6 tag on this repo that looks accidental. It points at 7d96d52 (a 2019 commit titled "condition"), it's the only 6.x tag in a repo that's otherwise on 1.x/2.x, and there's no Release attached to it.
It creates this issue: Dependabot in the downstream plugin repos that pin uses: SignalK/signalk-server/.github/workflows/plugin-ci.yml@ sees v6.6.6 as the "latest" and keeps proposing to upgrade everyone to it. Since it's not a real release, those are phantom bumps.
See fallout: https://github.com/sailingnaturali/signalk-dsc/blob/056bfe0d300365f9c45f0c2f717577a0e62fcb2b/.github/dependabot.yml#L15-L19
And (side note) this type of workflow should be recommended to all plugin authors such that they pickup changes in your central workflow.
https://github.com/sailingnaturali/signalk-dsc/blob/main/.github/dependabot.yml
Nothing on fire, just wanted to flag it before more repos pick it up.
The cleanup doesn't need a force-push or any history rewrite. Since it's just a bogus tag (not a real cut on the wrong commit), deleting the tag is non-destructive, deleting a ref isn't a force update and it makes the Dependabot suggestions disappear at the source:
This would do it:
git push origin :refs/tags/v6.6.6(No Release to clean up, since none was created. Only possible catch is tag-protection rules, if any are set then it needs a maintainer with delete perms.)
Much Thanks! 🙏