gitoxide icon indicating copy to clipboard operation
gitoxide copied to clipboard
verified publisher icon Byron

Bump the github-actions group with 6 updates

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps the github-actions group with 6 updates:

Package From To
actions/checkout 3 4
extractions/setup-just 1 2
actions/upload-artifact 3 4
dtolnay/rust-toolchain 1.67.0 1.80.0
actions/download-artifact 3 4
actions/upload-release-asset 1.0.1 1.0.2

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

... (truncated)

Commits

Updates extractions/setup-just from 1 to 2

Commits

Updates actions/upload-artifact from 3 to 4

Release notes

Sourced from actions/upload-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

  1. The changelog post.
  2. The README.
  3. The migration documentation.
  4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v4.0.0

v3.1.3

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v3.1.3

v3.1.2

  • Update all @actions/* NPM packages to their latest versions- #374
  • Update all dev dependencies to their most recent versions - #375

v3.1.1

  • Update actions/core package to latest version to remove set-output deprecation warning #351

v3.1.0

What's Changed

Commits
  • 6546280 updating package version
  • c004fb4 Merge branch 'main' into eggyhead/use-artifact-v2.1.6
  • 90aba49 updating toolkit artifact dependency to 2.1.6
  • b06cde3 Merge pull request #563 from actions/eggyhead/release-4.3.2
  • 1746f4a Revert "updating to release 4.3.2"
  • 31685d0 updating to release 4.3.2
  • 18bf333 Merge pull request #562 from actions/eggyhead/update-artifact-v215
  • dac413b update package lock version
  • bb3b4a3 updating package version
  • 3e3da83 updating artifact and core dependencies
  • Additional commits viewable in compare view

Updates dtolnay/rust-toolchain from 1.67.0 to 1.80.0

Commits

Updates actions/download-artifact from 3 to 4

Release notes

Sourced from actions/download-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

  1. The changelog post.
  2. The README.
  3. The migration documentation.
  4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

Full Changelog: https://github.com/actions/download-artifact/compare/v3...v4.0.0

v3.0.2

  • Bump @actions/artifact to v1.1.1 - actions/download-artifact#195
  • Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet actions/toolkit#1278

v3.0.1

Commits
  • 65a9edc Merge pull request #325 from bethanyj28/main
  • fdd1595 licensed
  • c13dba1 update @​actions/artifact dependency
  • 0daa75e Merge pull request #324 from actions/eggyhead/use-artifact-v2.1.6
  • 9c19ed7 Merge branch 'main' into eggyhead/use-artifact-v2.1.6
  • 3d3ea87 updating license
  • 89af5db updating artifact package v2.1.6
  • b4aefff Merge pull request #323 from actions/eggyhead/update-artifact-v215
  • 8caf195 package lock update
  • d7a2ec4 updating package version
  • Additional commits viewable in compare view

Updates actions/upload-release-asset from 1.0.1 to 1.0.2

Release notes

Sourced from actions/upload-release-asset's releases.

Automate sliding major version number

This is a minor update to make the current release have the latest code from master, and additionally allows for a new automation workflow to execute to automate the sliding of the major (v1, v2, v3, etc) version numbers for ease of referencing

Commits
  • e8f9f06 Merge pull request #27 from actions/IAmHughes/add-automated-versioning
  • 1418754 Add versioning action to automatically slide major versions with releases
  • 7d8fb6c Merge pull request #6 from actions/IAmHughes/fix-link-to-license
  • c53f077 Fix link to LICENSE
  • 72e8a5e Merge pull request #5 from cesperanc/documentation-update
  • bf2a7fb Update example to use the fixed version
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot[bot] avatar May 07 '24 18:05 dependabot[bot]

@dependabot rebase main

Byron avatar May 07 '24 19:05 Byron

Thank you!

I actually plan to remove this action entirely in favor of plain rustup calls, so probably won't end up merging #1364.

Byron avatar May 08 '24 05:05 Byron

Thank you!

I actually plan to remove this action entirely in favor of plain rustup calls, so probably won't end up merging #1364.

Sounds good.

I hope Dependabot is not the reason for replacing that action, since even if you don't want the changes from #1364 in the configuration, Dependabot can be told to ignore updates with @dependabot ignore, or the steps that use it can be written differently to specify master as the ref and to request the toolchain version in an option passed under with:. But I would guess that this is not the reason for switching to explicit rustup calls.

Regardless of the reason, I will go ahead and close #1364 if it is still open after this PR is merged--because this PR contains c97ee27 which makes it unnecessary--unless you indicate that it should remain open. (And of course I have no objection to you closing it, if you like!)

EliahKagan avatar May 08 '24 05:05 EliahKagan

But I would guess that this is not the reason for switching to explicit rustup calls.

It's a long-standing issue of over-abstraction and I thought it was a fruit hanging low enough to tackle now, as a form of warmup.

Please also note that Windows was subtly broken, but that's fixed in https://github.com/Byron/gitoxide/pull/1363/commits/91b65495f14cd58c8b178f359354749b39dc4008 which lives in this PR - it's my work-PR that captures feature-goals but is also often used to contain smaller fixes which may be merged back occasionally. I should probably use that less in favor of separate PRs now.

Byron avatar May 08 '24 06:05 Byron

Thanks for clarification regarding rustup. This makes sense.

For the Windows breakage, at least in this instance, I'm not aware of any reason having the fix for in that PR would be a problem, at least for anything I'm working on. But I understand having separate PRs for such things does have benefits.

I have an idea about that though, which might potentially lead to an alternative fix. So I've commented https://github.com/Byron/gitoxide/pull/1363#issuecomment-2099889848 about that.

EliahKagan avatar May 08 '24 07:05 EliahKagan