dependabot / fetch-metadata

Extract information about the dependencies being updated by a Dependabot-generated PR.

Release v1.3.2 has introduced a breaking change

marktarry-mobysoft opened this issue

We've been using the dependabot/fetch-metadata action for a short time, referencing the v1 tag in our workflows:

    - name: Dependabot metadata
      id: dependabot-metadata
      uses: dependabot/fetch-metadata@v1

Today we started seeing multiple workflow failures, each reporting the following error:

    Download action repository 'dependabot/fetch-metadata@v1' (SHA:90ed90dba204fdf8970c1f891b4349c96353f220)
    Error: dependabot/fetch-metadata/v1/action.yml:
    Error: dependabot/fetch-metadata/v1/action.yml: (Line: 18, Col: 113, Idx: 682) - (Line: 18, Col: 141, Idx: 710): While parsing a block mapping, did not find expected key.
    Error: System.ArgumentException: Unexpected type '' encountered while reading 'action manifest root'. The type 'MappingToken' was expected.
       at GitHub.DistributedTask.ObjectTemplating.Tokens.TemplateTokenExtensions.AssertMapping(TemplateToken value, String objectDescription)
       at GitHub.Runner.Worker.ActionManifestManager.Load(IExecutionContext executionContext, String manifestFile)
    Error: Fail to load dependabot/fetch-metadata/v1/action.yml

Comparing v1.3.1 against v1.3.2, I can see that "(Line: 18, Col: 113, Idx: 682) - (Line: 18, Col: 141, Idx: 710)" refers to the description attribute of the new skip-commit-verification option introduced by v1.3.2:

      skip-commit-verification:
        type: boolean
        description: 'If true, the action will not expect Dependabot commits to be verified. This should be set as 'true' in GHES environments.'
        default: false

Column 113 marks the single quotation mark at the start of "'true' in GHES environments.". This is invalid YAML syntax, as the entire string is surrounded by single quotes.

v1.3.1...v1.3.2

Workaround

Changing our workflow to specify v1.3.1 has temporarily resolved the issue for us:

    - name: Dependabot metadata
      id: dependabot-metadata
      uses: dependabot/fetch-metadata@v1.3.1

Closing this as a duplicate of #235
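
Added example (not part of the issue and not code from the fetch-metadata project): a minimal Python check of the YAML rule that a single quote inside a single-quoted scalar must be doubled, run on the description line quoted in the issue. It assumes single-line key: '...' scalars only, and the function name is illustrative. For the v1.3.2 line the scalar closes at column 112 and the leftover text starts at column 113, where the range in the runner error begins.

```python
import re

# Constructed sample: the description line quoted in the issue, with the
# 4-space indent it has under inputs -> skip-commit-verification.
BROKEN = ("    description: 'If true, the action will not expect Dependabot "
          "commits to be verified. This should be set as 'true' in GHES "
          "environments.'")
# Valid form: an inner single quote is escaped by doubling it.
FIXED = BROKEN.replace("'true'", "''true''")


def check_single_quoted(line):
    """Check one `key: '...'` line (hypothetical helper, single-line only).

    Returns (ok, end_col, trailing): whether the line is well formed, the
    1-based column of the closing quote, and any text left after it.
    """
    m = re.match(r"\s*[\w-]+:\s+'", line)
    if not m:
        return (True, None, "")  # not a single-quoted scalar; out of scope
    i = m.end()  # index of the first character inside the scalar
    while i < len(line):
        if line[i] == "'":
            if line[i + 1:i + 2] == "'":  # '' is an escaped quote, keep going
                i += 2
                continue
            trailing = line[i + 1:]
            rest = trailing.strip()
            # After the closing quote only whitespace or a comment may follow.
            ok = rest == "" or (trailing[0].isspace() and rest.startswith("#"))
            return (ok, i + 1, trailing)
        i += 1
    return (False, None, "")  # scalar never closed on this line


if __name__ == "__main__":
    for name, line in (("v1.3.2 line", BROKEN), ("escaped line", FIXED)):
        ok, end_col, trailing = check_single_quoted(line)
        print(f"{name}: ok={ok} closes_at_col={end_col} trailing={trailing!r}")
```

Running a check like this (or a full YAML parser) on action.yml before moving a floating tag such as v1 would catch the manifest error before consumers of that tag do.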