From bf3b422d6a2d3b216bcaca29eda7da0e3ee257b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 18:43:24 +0000 Subject: [PATCH 1/2] Bump the workflows group across 1 directory with 6 updates Bumps the workflows group with 6 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `4.2.0` | | [conda/actions](https://github.com/conda/actions) | `24.5.0` | `24.8.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.5.0` | `4.6.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.4` | `4.4.0` | | [CodSpeedHQ/action](https://github.com/codspeedhq/action) | `2.4.3` | `3.0.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.1.1` | `5.2.0` | Updates `actions/checkout` from 4.1.7 to 4.2.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938) Updates `conda/actions` from 24.5.0 to 24.8.0 - [Release notes](https://github.com/conda/actions/releases) - [Commits](https://github.com/conda/actions/compare/v24.5.0...15f883f14f4232f83658e3609c3316d58905138f) Updates `codecov/codecov-action` from 4.5.0 to 4.6.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/e28ff129e5465c2c0dcc6f003fc735cb6ae0c673...b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238) Updates `actions/upload-artifact` from 4.3.4 to 4.4.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b2256b8c012f0828dc542b3febcab082c67f72b...50769540e7f4bd5e21e526ee35c689e35e0d6874) Updates `CodSpeedHQ/action` from 2.4.3 to 3.0.0 - [Release notes](https://github.com/codspeedhq/action/releases) - [Changelog](https://github.com/CodSpeedHQ/action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codspeedhq/action/compare/a58b84c0b61569a9cbb7cfb378cc849d65cf1ce5...ab07afd34cbbb7a1306e8d14b7cc44e029eee37a) Updates `actions/setup-python` from 5.1.1 to 5.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: workflows - dependency-name: conda/actions dependency-type: direct:production update-type: version-update:semver-minor dependency-group: workflows - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: workflows - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: workflows - dependency-name: CodSpeedHQ/action dependency-type: direct:production update-type: version-update:semver-major dependency-group: workflows - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: workflows ... Signed-off-by: dependabot[bot] --- .github/workflows/builds-review.yaml | 4 ++-- .github/workflows/docs.yml | 2 +- .github/workflows/labels.yml | 2 +- .github/workflows/tests.yml | 32 ++++++++++++++-------------- .github/workflows/update.yml | 2 +- .github/workflows/upload.yml | 2 +- 6 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/builds-review.yaml b/.github/workflows/builds-review.yaml index 488b188025..9156cf084e 100644 --- a/.github/workflows/builds-review.yaml +++ b/.github/workflows/builds-review.yaml @@ -48,14 +48,14 @@ jobs: # Clean checkout of specific git ref needed for package metadata version # which needs env vars GIT_DESCRIBE_TAG and GIT_BUILD_STR: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ github.ref }} clean: true fetch-depth: 0 - name: Create and upload review build - uses: conda/actions/canary-release@976289d0cfd85139701b26ddd133abdd025a7b5f # v24.5.0 + uses: conda/actions/canary-release@15f883f14f4232f83658e3609c3316d58905138f # v24.8.0 with: package-name: ${{ github.event.repository.name }} subdir: ${{ matrix.subdir }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index ef62e267f0..98c5181458 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -22,7 +22,7 @@ jobs: if: '!github.event.repository.fork' runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - name: Setup diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 6fd09350b3..543a4dca65 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -23,7 +23,7 @@ jobs: GLOBAL: https://raw.githubusercontent.com/conda/infra/main/.github/global.yml LOCAL: .github/labels.yml steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - id: has_local uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 10a8c1b98b..f4cca293bb 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -45,7 +45,7 @@ jobs: code: ${{ steps.filter.outputs.code }} steps: - name: Checkout Source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # dorny/paths-filter needs git clone for non-PR events # https://github.com/dorny/paths-filter#supported-workflows if: github.event_name != 'pull_request' @@ -103,7 +103,7 @@ jobs: steps: - name: Checkout Source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -151,13 +151,13 @@ jobs: -m "${{ env.PYTEST_MARKER }}" - name: Upload Coverage - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: flags: ${{ runner.os }},${{ runner.arch }},${{ matrix.python-version }},${{ matrix.test-type }} - name: Upload Test Results if: '!cancelled()' - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 with: name: test-results-${{ env.HASH }} path: | @@ -183,7 +183,7 @@ jobs: steps: - name: Checkout Source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -230,7 +230,7 @@ jobs: run: conda list --show-channel-urls - name: Run Benchmarks - uses: CodSpeedHQ/action@a58b84c0b61569a9cbb7cfb378cc849d65cf1ce5 # v2.4.3 + uses: CodSpeedHQ/action@ab07afd34cbbb7a1306e8d14b7cc44e029eee37a # v3.0.0 with: token: ${{ secrets.CODSPEED_TOKEN }} run: $CONDA/envs/test/bin/pytest --codspeed @@ -263,7 +263,7 @@ jobs: steps: - name: Checkout Source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -318,13 +318,13 @@ jobs: -m "${{ env.PYTEST_MARKER }}" - name: Upload Coverage - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: flags: ${{ runner.os }},${{ runner.arch }},${{ matrix.python-version }},${{ matrix.test-type }} - name: Upload Test Results if: '!cancelled()' - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 with: name: test-results-${{ env.HASH }} path: | @@ -366,7 +366,7 @@ jobs: steps: - name: Checkout Source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -436,13 +436,13 @@ jobs: CONDA_BUILD_SYSROOT: ${{ env.MACOSX_SDK_ROOT }} - name: Upload Coverage - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: flags: ${{ runner.os }},${{ runner.arch }},${{ matrix.python-version }},${{ matrix.test-type }} - name: Upload Test Results if: '!cancelled()' - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 with: name: test-results-${{ env.HASH }} path: | @@ -468,7 +468,7 @@ jobs: - name: Upload Combined Test Results # provides one downloadable archive of all matrix run test results for further analysis - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 with: name: test-results-${{ github.sha }}-all path: test-results-* @@ -523,7 +523,7 @@ jobs: # Clean checkout of specific git ref needed for package metadata version # which needs env vars GIT_DESCRIBE_TAG and GIT_BUILD_STR: - name: Checkout Source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ github.ref }} clean: true @@ -531,7 +531,7 @@ jobs: # Explicitly use Python 3.12 since each of the OSes has a different default Python - name: Setup Python - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.12' @@ -557,7 +557,7 @@ jobs: Path(environ["GITHUB_ENV"]).write_text(f"ANACONDA_ORG_LABEL={label}") - name: Create & Upload - uses: conda/actions/canary-release@976289d0cfd85139701b26ddd133abdd025a7b5f # v24.5.0 + uses: conda/actions/canary-release@15f883f14f4232f83658e3609c3316d58905138f # v24.8.0 with: package-name: ${{ github.event.repository.name }} subdir: ${{ matrix.subdir }} diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index 69a65aee6e..91224cfec9 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -44,7 +44,7 @@ jobs: echo REPOSITORY=$(curl --silent ${{ github.event.issue.pull_request.url }} | jq --raw-output '.head.repo.full_name') >> $GITHUB_ENV echo REF=$(curl --silent ${{ github.event.issue.pull_request.url }} | jq --raw-output '.head.ref') >> $GITHUB_ENV - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: repository: ${{ env.REPOSITORY || github.repository }} ref: ${{ env.REF || '' }} diff --git a/.github/workflows/upload.yml b/.github/workflows/upload.yml index 475131a0a1..7caea905ef 100644 --- a/.github/workflows/upload.yml +++ b/.github/workflows/upload.yml @@ -27,7 +27,7 @@ jobs: ARCHIVE_NAME: ${{ github.event.repository.name }}-${{ github.ref_name }} steps: - name: Checkout Source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Create Release Directory run: mkdir -p release From 8d352e848a5cdd34b14e10475219bc17576ae5f1 Mon Sep 17 00:00:00 2001 From: Ken Odegard Date: Tue, 1 Oct 2024 13:59:59 -0500 Subject: [PATCH 2/2] Add version number to actions/upload-artifact action --- .github/workflows/tests.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f4cca293bb..aabb4abdb0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -157,7 +157,7 @@ jobs: - name: Upload Test Results if: '!cancelled()' - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: test-results-${{ env.HASH }} path: | @@ -324,7 +324,7 @@ jobs: - name: Upload Test Results if: '!cancelled()' - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: test-results-${{ env.HASH }} path: | @@ -442,7 +442,7 @@ jobs: - name: Upload Test Results if: '!cancelled()' - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: test-results-${{ env.HASH }} path: | @@ -468,7 +468,7 @@ jobs: - name: Upload Combined Test Results # provides one downloadable archive of all matrix run test results for further analysis - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: test-results-${{ github.sha }}-all path: test-results-*