fix(ci): update all failing workflows by @mayeut in actions/setup-python#863
This update ensures compatibility and optimal performance of workflows on the latest macOS version.
We now use uv's new uv cache prune --ci to only cache downloaded files. This makes the cache smaller and faster to pack/unpack. #135
Fixed
Turns out, the default location of uv's cache cannot be cached and actions/cache fails silently with an opaque "Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved." log message. We have moved the cache to /tmp. #135
v2.7.0
Added
A header before package contents in the summary. Especially useful together with a preceding build provenance attestation. #131
Use uv's new uv cache prune --ci to only cache downloaded files.
This makes the cache smaller and faster to pack/unpack.
#135
Fixed
Turns out, the default location of uv's cache cannot be cached and actions/cache fails silently with an opaque "Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved." log message.
We have moved the cache to /tmp.
#135
Update default CodeQL bundle version to 2.18.1. #2385
3.25.14 - 25 Jul 2024
Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time.
Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. #2375
If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
3.25.12 - 12 Jul 2024
Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuildbuild mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. #2353
Update default CodeQL bundle version to 2.18.0. #2364
Commits
afb54ba Merge pull request #2391 from github/update-v3.25.15-4b1d7da10
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 5 updates:
5.1.05.1.12.6.02.8.04.1.74.1.84.3.34.3.43.25.113.25.15Updates
actions/setup-pythonfrom 5.1.0 to 5.1.1Release notes
Sourced from actions/setup-python's releases.
Commits
39cd149Documentation update for cache (#873)a0d74c0fix(ci): update all failing workflows (#863)4eb7dbcBump braces from 3.0.2 to 3.0.3 (#893)Updates
hynek/build-and-inspect-python-packagefrom 2.6.0 to 2.8.0Release notes
Sourced from hynek/build-and-inspect-python-package's releases.
Changelog
Sourced from hynek/build-and-inspect-python-package's changelog.
Commits
2dbbf2bv2.8.012cdfb4Automated dependency upgrades (#136)0b18de8Prune uv's CI cache (#135)e2e1d19Start new cyclefdf1c7d77Fix CI7880597v2.7.02937224Automated dependency upgrades (#134)a2f7fd4Automated dependency upgrades (#132)5afaeb9Add provenance header to summary for nicer readability (#131)8f18e33Automated dependency upgrades (#130)Updates
actions/download-artifactfrom 4.1.7 to 4.1.8Release notes
Sourced from actions/download-artifact's releases.
Commits
fa0a91bMerge pull request #341 from actions/robherley/bump-pkgsb54d088Update@actions/artifactversion, bump dependenciesUpdates
actions/upload-artifactfrom 4.3.3 to 4.3.4Release notes
Sourced from actions/upload-artifact's releases.
Commits
0b2256bMerge pull request #584 from actions/robherley/bump-pkgs488dceflicensed cache04c51f5ncc32a9e27bump@actions/artifactand npm audit552bf37new version79616d2Merge pull request #565 from actions/eggyhead/use-artifact-v2.1.6Updates
github/codeql-actionfrom 3.25.11 to 3.25.15Changelog
Sourced from github/codeql-action's changelog.
Commits
afb54baMerge pull request #2391 from github/update-v3.25.15-4b1d7da1057a4b22Update changelog for v3.25.154b1d7daMerge pull request #2385 from github/update-bundle/codeql-bundle-v2.18.197e8f69Merge branch 'main' into update-bundle/codeql-bundle-v2.18.1f8e94f9Merge pull request #2389 from github/mergeback/v3.25.14-to-main-5cf07d8b9e375a8Update checked-in dependencies02d73d0Update changelog and version after v3.25.145cf07d8Merge pull request #2388 from github/update-v3.25.14-1b214db07ecab108Update changelog for v3.25.141b214dbMerge pull request #2387 from github/aibaars/remove-set-secretDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show