ci(dependabot): drop the broken swift ecosystem#42
Merged
Conversation
The `swift` package-ecosystem failed on every daily run since it was added (#32) and never opened a single PR. Dependabot's Swift updater only reads SPM manifests committed to the git tree (`Package.swift` plus the `Package.resolved` lockfile), but this repo has none: `*.xcodeproj` and `Package.resolved` are both gitignored, and the SPM dependencies are declared only in xcodegen's `project.yml`, which Dependabot cannot parse. So the scan finds nothing and aborts with `dependency_file_not_found: "No files found in /"`. Nothing is lost by removing it: the build commits no lockfile and resolves each package to the latest version within its major on every CI run, so the Swift updater had no pins to bump even in principle. The github-actions ecosystem is unaffected and keeps working. Signed-off-by: Kevin Cui <bh@bugs.cc>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
Summary by CodeRabbit
WalkthroughThe Possibly related PRs
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✨ Finishing Touches✨ Simplify code
Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
swiftpackage-ecosystem entry has failed on every daily run since it was added in #32, and never once opened a PR — see the latest failure in run 28232164874.The cause is an architecture mismatch. Dependabot's Swift updater only reads SPM manifests committed to the git tree — a
Package.swiftplus itsPackage.resolvedlockfile — but this repo has neither:*.xcodeprojandPackage.resolvedare both gitignored, and the SPM dependencies (Sparkle, KeyboardShortcuts, PermissionFlow) are declared only in xcodegen'sproject.yml, which Dependabot can't parse. So the scan finds nothing and aborts withdependency_file_not_found: "No files found in /". The config comment claiming Dependabot would discover a nestedPackage.resolvedinside the.xcodeprojwas wrong — that path is gitignored and never committed.Removing the entry costs nothing real: the build commits no lockfile and resolves each package to the latest version within its major on every CI run, so the Swift updater had no pins to bump even in principle. The
github-actionsecosystem is untouched and keeps working (it landed #33).