Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the actions group with 4 updates #2724

Merged
merged 1 commit into from
Jan 17, 2025
Merged

Bump the actions group with 4 updates #2724

merged 1 commit into from
Jan 17, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 16, 2025

Bumps the actions group with 4 updates: conda-incubator/setup-miniconda, codecov/codecov-action, actions/setup-python and pypa/gh-action-pypi-publish.

Updates conda-incubator/setup-miniconda from 3.0.4 to 3.1.0

Release notes

Sourced from conda-incubator/setup-miniconda's releases.

Version 3.1.0

Features

  • #367: Add conda-remove-defaults setting to remove the defaults channel if added implicitly
  • #342: Add installation-dir to customize where the installers are installed to
  • #328: Make conda's cache configurable via pkgs-dirs

Fixes

  • #360: Start deprecation of miniforge-variant: Mambaforge
  • #362: Ignore conda cygpath warning
  • #368: Address mamba v2 incompatibilities
  • #350: set CONDA environment variable regardless of useBundled option

Tasks and Maintenance

  • #353: Bump semver and @​types/semver
  • #356: Bump braces from 3.0.2 to 3.0.3
  • #359: Bump semver from 7.6.2 to 7.6.3
  • #370: Bump @​actions/core from 1.10.1 to 1.11.1

#360: conda-incubator/setup-miniconda#360 #362: conda-incubator/setup-miniconda#362 #368: conda-incubator/setup-miniconda#368 #367: conda-incubator/setup-miniconda#367 #342: conda-incubator/setup-miniconda#342 #328: conda-incubator/setup-miniconda#328 #350: conda-incubator/setup-miniconda#350 #348: conda-incubator/setup-miniconda#348 #353: conda-incubator/setup-miniconda#353 #356: conda-incubator/setup-miniconda#356 #359: conda-incubator/setup-miniconda#359 #370: conda-incubator/setup-miniconda#370

Changelog

Sourced from conda-incubator/setup-miniconda's changelog.

v3.1.0 (2024-10-31)

Features

  • #367: Add conda-remove-defaults setting to remove the defaults channel if added implicitly
  • #342: Add installation-dir to customize where the installers are installed to
  • #328: Make conda's cache configurable via pkgs-dirs

Fixes

  • #360: Start deprecation of miniforge-variant: Mambaforge
  • #362: Ignore conda cygpath warning
  • #368: Address mamba v2 incompatibilities
  • #350: set CONDA environment variable regardless of useBundled option

Tasks and Maintenance

  • #348: Bump conda-incubator/setup-miniconda from 3.0.3 to 3.0.4
  • #353: Bump semver and @​types/semver
  • #356: Bump braces from 3.0.2 to 3.0.3
  • #359: Bump semver from 7.6.2 to 7.6.3
  • #370: Bump @​actions/core from 1.10.1 to 1.11.1

#360: conda-incubator/setup-miniconda#360 #362: conda-incubator/setup-miniconda#362 #368: conda-incubator/setup-miniconda#368 #367: conda-incubator/setup-miniconda#367 #342: conda-incubator/setup-miniconda#342 #328: conda-incubator/setup-miniconda#328 #350: conda-incubator/setup-miniconda#350 #348: conda-incubator/setup-miniconda#348 #353: conda-incubator/setup-miniconda#353 #356: conda-incubator/setup-miniconda#356 #359: conda-incubator/setup-miniconda#359 #370: conda-incubator/setup-miniconda#370

Commits
  • d2e6a04 Update changelog for 3.1.0 (#373)
  • 0e14962 Bump @​actions/core from 1.10.1 to 1.11.1 (#370)
  • 4a3d80f Bump semver from 7.6.2 to 7.6.3 (#359)
  • 27f1202 set CONDA environment variable regardless of useBundled option (#350)
  • 1a6b55c Make conda’s package directories configurable (#328)
  • 6225267 Add installation-dir to customize where the installers are installed to (#342)
  • 65da104 Add 'conda-remove-defaults' setting and support 'nodefaults' as a keyword cha...
  • 899c78d Address mamba v2 incompatibilities (#368)
  • 8f65dda Ignore conda cygpath warning (#362)
  • e5293c8 Start deprecation of miniforge-variant: Mambaforge (#360)
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 4 to 5

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Commits

Updates actions/setup-python from 5.2.0 to 5.3.0

Release notes

Sourced from actions/setup-python's releases.

v5.3.0

What's Changed

Bug Fixes:

Enhancements:

New Contributors

Full Changelog: actions/setup-python@v5...v5.3.0

Commits

Updates pypa/gh-action-pypi-publish from 1.10.3 to 1.12.3

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.12.3

✨ What's Improved

With the updates by @​woodruffw💰 and @​webknjaz💰 via #309 and #313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP] Please, let us know in the release discussion if anything still remains unclear. TL;DR always call pypi-publish once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use pypi-publish on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call pypi-publish from composite actions.

🛠️ Internal Updates

@​br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @​woodruffw💰 added the workflow_ref context to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.2...v1.12.3

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​samuelcolvin💰 for nudging me to cut this release sooner and for sponsoring me via @​pydantic💰!

🔌 Shameless Plug: The other day I've made this 🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack subscribe to read news from people like me :)

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

v1.12.2

🐛 What's Fixed

The fix for signing legacy zip sdists turned out to be incomplete, so @​woodruffw💰 promptly produced another follow-up that updated pypi-attestations from v0.0.13 to v0.0.15 in #297. This is the only change since the previous release.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.1...v1.12.2

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

v1.12.1

🐛 What's Fixed

Version v1.12.0 hit several rare corner cases we never considered fully supported, and this release fixes a few of those. In #294, @​webknjaz💰 improved the self-hosted runner experience by pre-installing Python if it's not there, and with #293 the ability to use the action on GitHub Enterprise instances has been restored. The latter should've also fixed the ability to invoke pypi-publish from nested in-repo composite actions — another exotic use-case that was never tested in our CI.

... (truncated)

Commits
  • 67339c7 📦 Only keep lower bounds @ input requirements
  • cbd6d01 📝Fix a typo in "privileges" @ README
  • 7252a9a 📝 Outline unsupported scenarios in README
  • a536fa9 📌📦 Include jeepney & secretstorage pins
  • 43caae4 💅📦 Split transitive dep constraints
  • f371c3d Merge pull request #313 from webknjaz/maintenance/metadata-2.4
  • 138a121 📌📦 Pin pkginfo to v1.12 @ runtime deps
  • ff2b051 🧪 Add a Maturin-based package to CI
  • 0a0a6ae 🧪 Allow CI to register multiple distributions
  • e7723a4 Merge pull request #309 from trail-of-forks/ww/bumptwine
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the actions group with 4 updates
072cc6e 
Bumps the actions group with 4 updates: [conda-incubator/setup-miniconda](https://github.com/conda-incubator/setup-miniconda), [codecov/codecov-action](https://github.com/codecov/codecov-action), [actions/setup-python](https://github.com/actions/setup-python) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).


Updates `conda-incubator/setup-miniconda` from 3.0.4 to 3.1.0
- [Release notes](https://github.com/conda-incubator/setup-miniconda/releases)
- [Changelog](https://github.com/conda-incubator/setup-miniconda/blob/main/CHANGELOG.md)
- [Commits](conda-incubator/setup-miniconda@v3.0.4...v3.1.0)

Updates `codecov/codecov-action` from 4 to 5
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

Updates `actions/setup-python` from 5.2.0 to 5.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5.2.0...v5.3.0)

Updates `pypa/gh-action-pypi-publish` from 1.10.3 to 1.12.3
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@v1.10.3...v1.12.3)

---
updated-dependencies:
- dependency-name: conda-incubator/setup-miniconda
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 16, 2025
@jhamman jhamman merged commit b1480d7 into support/v2 Jan 17, 2025
17 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/support/v2/actions-36cc8ee520 branch January 17, 2025 00:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhamman jhamman jhamman approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jhamman