Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ci]: Bump actions/checkout from 1 to 4 in the ci-dependencies group #6453

Merged
merged 3 commits into from
May 21, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 10, 2024

Bumps the ci-dependencies group with 1 update: actions/checkout.

Updates actions/checkout from 1 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 1 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v1...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@jameslamb
Copy link
Collaborator

jameslamb commented May 10, 2024

Was just about to post this over on #6438 ... A bunch of these are failing because we test older versions of things in old container images that have old GLIBC ... and GitHub Actions is pushing all actions to use Node 20+ which requires at least GLIBC 2.28.

/__e/node20/bin/node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /__e/node20/bin/node)

build link

I don't want to give up our test coverage on older systems just to update a GitHub Action that runs git clone. @borchero do you know if it's possible to skip some upgrades? Like a // nolint comment or something?

@borchero
Copy link
Collaborator

Like a // nolint comment or something?

Not that I know of :/ afaik, you can only instruct dependabot to skip versions (across all files)...

@jameslamb
Copy link
Collaborator

hmmmm ok

I'm not sure how we resolve this. Many GitHub Actions are raising these node16-to-node20 warnings and it's a system-level thing GitHub is pushing for.... but there are still not-end-of-life-yet systems with GLIBC < 2.28 that we want to test on.

Some relevant links:

Given that, I think we should ignore this for now, like this:

[at]dependabot ignore actions/checkout 4

@jameslamb
Copy link
Collaborator

I thought about this some more.... most of these changes will actually work! There are only 2 of them that can't automatically be applied:

I just pushed c58b5ab manually reverting dependabot's changes to those.

I think that'll allow CI to pass here and then we can merge most of these changes!

Copy link
Collaborator

@borchero borchero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me @jameslamb, let's proceed with some of the updates at least 😄

@borchero borchero merged commit dd9da91 into master May 21, 2024
38 checks passed
@borchero borchero deleted the dependabot/github_actions/ci-dependencies-8a9da2b879 branch May 21, 2024 22:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants