Skip to content

action-allowlist-review: bump docker/setup-qemu-action from 4.1.0 to 4.2.0 in /.github/actions/for-dependabot-triggered-reviews #228

action-allowlist-review: bump docker/setup-qemu-action from 4.1.0 to 4.2.0 in /.github/actions/for-dependabot-triggered-reviews

action-allowlist-review: bump docker/setup-qemu-action from 4.1.0 to 4.2.0 in /.github/actions/for-dependabot-triggered-reviews #228

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
name: Verify Dependabot Action Build
on:
pull_request:
paths:
- .github/actions/for-dependabot-triggered-reviews/action.yml
permissions:
contents: read
pull-requests: read
jobs:
verify:
if: github.event.pull_request.user.login == 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- run: pipx install uv
- name: Verify action build
run: |
# Disable workflow command processing so that strings like
# "##[add-matcher]" or "::error::" in action diffs are not
# interpreted as GitHub Actions commands.
stop_token="$(uuidgen)"
echo "::stop-commands::${stop_token}"
uv run utils/verify-action-build.py --ci --from-pr "${{ github.event.pull_request.number }}"
rc=$?
echo "::${stop_token}::"
exit $rc
env:
GH_TOKEN: ${{ github.token }}