Upgrade GitHub Actions in CI workflows#132
Merged
Merged
Conversation
Cygwin: CI: update Actions versions Update both versioned actions in `cygwin.yml` to current major versions: `actions/checkout` from v3 to v6 (in both invocations: the Fedora cross-build job and the windows-2022 native build job) and `actions/upload-artifact` from v4 to v6 (the "Upload test logs" step that publishes the testsuite `*.log` and `*.trs` artifacts). All three call sites use the actions with default arguments, so the bumps are behaviorally transparent: they exist purely to advance the underlying Node.js runtime to v24 on the GitHub Actions runners and to retire the v3/v4 deprecation warnings emitted on each workflow run. Cygwin upstream's `cygwin.yml` still pins the older v3 and v4 revisions. Carrying this bump in the Git for Windows fork keeps the fork's CI clean ahead of upstream catching up at the next merging-rebase. Originally-authored-by: dependabot[bot] <support@github.com> Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Bring `actions/upload-artifact` in `cygwin.yml` from v6 up to v7. The v7 major release adds an optional `archive: false` mode for uploading a single file unzipped and migrates the action's internal implementation to ESM modules. Neither change affects the existing "Upload test logs" step, which continues to upload a directory tree of `*.log` and `*.trs` files via the default zipped-archive mode. See https://github.com/actions/upload-artifact/releases/tag/v7.0.0 for the v7 release notes. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
fixup! CI: add a GHA for doing a basic build test Bring the two artifact actions in `build.yaml` up from the v4 revisions that existed when the workflow was originally introduced in 2020: `actions/upload-artifact` from v4 to v6 (the "Upload" step that publishes the just-built `_dest/` install tree as the `install` artifact) and `actions/download-artifact` from v4 to v7 (the "Download msys2-runtime artifact" step in the `msys2-tests` job that overlays that artifact on top of the runner's MSYS2 installation). Both steps invoke the actions with default arguments, so the bumps are behaviorally transparent: they advance the Node.js runtime on the runners and retire the v4 deprecation warnings without altering the upload or download semantics. The asymmetric target versions (upload v6, download v7) simply reflect each action's then-current latest major release. Originally-authored-by: dependabot[bot] <support@github.com> Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
fixup! CI: add a GHA for doing a basic build test Bring `actions/checkout` in `build.yaml` up from v4 (untouched since the workflow was first introduced in 2020) to the current latest major v6. The single "Checkout code" step uses default settings, so the bump is behaviorally transparent: it advances the underlying Node.js runtime on the GitHub Actions runner and retires the v4 deprecation warning without changing checkout semantics. Originally-authored-by: dependabot[bot] <support@github.com> Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Bring the two artifact actions in `build.yaml` up to the latest stable major versions: `actions/upload-artifact` from v6 to v7, and `actions/download-artifact` from v7 to v8. The `actions/checkout` step remains on v6, which is still the current latest major. The v7 release of `actions/upload-artifact` (see https://github.com/actions/upload-artifact/releases/tag/v7.0.0) adds an optional `archive: false` mode for uploading a single file unzipped, and migrates the package to ESM modules. The "Upload" step here packages the entire `_dest/` install directory as an artifact, so the default zipped-archive mode continues to apply unchanged. The v8 release of `actions/download-artifact` (see https://github.com/actions/download-artifact/releases/tag/v8.0.0) makes two behavior changes that matter for callers. Firstly, the action now inspects the `Content-Type` header before unzipping and skips non-zipped artifacts, complementing the new direct-upload mode in `upload-artifact@v7`; the msys2-runtime install artifact uploaded earlier in this workflow continues to be a zipped archive and is therefore unzipped as before into the MSYS2 install root. Secondly, hash-digest mismatches between the requested artifact and the downloaded payload now fail the step by default (the previous behavior only emitted a warning); the new `digest-mismatch` input can be set back to `warn` if needed, but failing fast is the safer default for a CI flow that immediately overlays the downloaded files on top of the live MSYS2 installation. Both major version bumps additionally pull in the ESM migration from the underlying `@actions/*` toolkit packages, which is transparent for this workflow. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Some Action version updates for MSYS2's CI definition.
Bring the three actions newly introduced by this commit in `build.yaml` up to their latest stable major versions. `actions/github-script` is bumped from v8 to v9. The v9 release (see https://github.com/actions/github-script/releases/tag/v9.0.0) upgrades the bundled `@actions/github` package to v9, which is now ESM-only, and exposes a new `getOctokit` factory function as a script parameter for callers that need additional authenticated clients. It also drops the ability to redeclare `getOctokit` via `const`/`let`, and removes the `require('@actions/github')` escape hatch. The script invoked here only uses the injected `github` client to call `github.rest.actions.listWorkflowRuns` for the latest successful `ci-artifacts.yml` run, so none of the breaking changes apply. `actions/download-artifact` is bumped from v7 to v8. The v8 release (see https://github.com/actions/download-artifact/releases/tag/v8.0.0) inspects the `Content-Type` header before unzipping (so the new unzipped uploads from `upload-artifact@v7` round-trip correctly) and makes hash-digest mismatches fail the step by default rather than emitting a warning; both changes are safe for the `install` artifact downloaded here, which is the zipped `_dest/` archive produced earlier in the same workflow run. `actions/upload-artifact` is bumped from v6 to v7 in the "upload minimal-sdk artifact" and "upload git artifacts for testing" steps, matching the bump that is already applied to the "Upload" step via the msys2-ci-fixups merge. Both steps upload a single `*.tar.gz` file, so they continue to use the default zipped-archive mode and are unaffected by the new `archive: false` option. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Bring the `actions/download-artifact` step that fetches the msys2-runtime build artifact in `ui-tests.yml` from v7 up to v8, matching the bumps applied to the other download-artifact steps in `build.yaml` via the msys2-ci-fixups merge and the companion `fixup! ci: run Git's entire test suite` commit. The v8 release (see https://github.com/actions/download-artifact/releases/tag/v8.0.0) checks the artifact's `Content-Type` header before unzipping (so the new unzipped uploads from `upload-artifact@v7` round-trip correctly) and turns hash-digest mismatches into hard errors instead of warnings. The artifact downloaded here is the zipped msys2-runtime install tree produced by the upstream `build` job, which uses the default zipped upload mode, so the new behavior applies cleanly: the archive is still unzipped into `${{ runner.temp }}/artifacts` as before, and any digest mismatch will now correctly fail the step rather than silently corrupting the MSYS2 install. The other actions referenced in this workflow (`actions/checkout` v6, `actions/cache/restore` v5, `actions/cache/save` v5, and `actions/setup-node` v6) are already at the current latest major versions and need no change here. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Bring the `actions/upload-artifact` step that publishes the
`ui-tests-${{ matrix.os }}` artifact from v6 up to v7, completing
the upload-artifact bump that the cygwin-CI and msys2-ci-fixups
sub-branch merges and the companion `fixup! ci: run Git's entire
test suite` commit have already applied to all the other
upload-artifact steps in this branch.
The v7 release (see
https://github.com/actions/upload-artifact/releases/tag/v7.0.0)
adds an optional `archive: false` mode for uploading a single file
unzipped, and migrates the bundled `@actions/*` packages to ESM.
The "Upload test results" step uploads the entire `ui-tests`
directory (the AutoHotKey scripts, screenshots, and `.log` files
captured by the test run), so it continues to use the default
zipped-archive mode and is not affected by the new option.
Assisted-by: Claude Opus 4.7
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dependabot: help keeping GitHub Actions versions up to date Add a minimal `.github/dependabot.yml` that subscribes the `github-actions` ecosystem at the repository root to weekly Dependabot scans. With this enabled, Dependabot opens a pull request whenever any GitHub Action referenced in `.github/workflows/*.yml` publishes a new release. Without this configuration, Action versions in this fork's CI silently drift behind their upstream releases until somebody notices a deprecation warning or a behavior change in CI. Letting Dependabot file the PRs preserves the manual review step (the maintainer still decides whether to merge each individual bump) while removing the busywork of polling each action's release page. The configuration follows the GitHub Actions example at https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#enabling-dependabot-version-updates-for-actions verbatim with no extra options. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
ci: run Git's entire test suite One particularly important part of Git for Windows' MSYS2 runtime is that it is used to run Git's tests, and regressions have happened there. For example, the first iteration of MSYS2 runtime v3.5.5 caused plenty of hangs. This was realized unfortunately only after deploying the msys2-runtime Pacman package, and some painful vacation-time scrambling was required to revert to v3.5.4. To verify that this does not happen anymore, this commit reuses what `setup-git-for-windows-sdk` uses in Git's very own CI: determine the latest successful `ci-artifacts` workflow run in `git-for-windows/git-sdk-64`, download its Git files, build artifacts, and minimal SDK, overwrite the MSYS2 runtime in the minimal SDK with the just-built version, and then run Git's test suite and the assorted validations exactly as the `ci-artifacts` workflow runs them (and from which these jobs are copied). This obviously adds a hefty time penalty (around 7 minutes!) to every MSYS2 runtime PR in the git-for-windows org. Happily, these days we don't need many of those, and the balance between things like the v3.5.5 scramble and waiting a little longer for the CI to finish is clearly in favor of the latter. Co-authored-by: Jeremy Drake <github@jdrake.com> Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Member
Author
|
No deployment needed: This PR's changes are purely in the |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR brings the GitHub Actions referenced in this repository's workflows up to their current latest stable major versions.
It supersedes the still-open Dependabot PRs #125 (
upload-artifact6 -> 7), #126 (download-artifact7 -> 8), and #129 (github-script8 -> 9), bundling them into the existing branch-ticket structure rather than landing each as an isolated direct-on-maincommit. The changes are:actions/checkout-> v6 (already at v6 for new workflows; bumped from v3 in the inheritedcygwin.yml)actions/upload-artifact-> v7 (bumped from v6 in cygwin.yml, build.yaml, ui-tests.yml; from v4 in the older fixup chain)actions/download-artifact-> v8 (bumped from v7 in build.yaml and ui-tests.yml)actions/github-script-> v9 (bumped from v8 in build.yaml)actions/cache-> v5 (already current)actions/setup-node-> v6 (already current)The aggregate diff against
mainis exactly nine lines changed (nine deletions, nine insertions) acrosscygwin.yml,build.yaml, andui-tests.yml. No behavioral changes: every step continues to use default arguments and the new optional features (direct unzipped uploads inupload-artifact@v7,Content-Type-aware unzipping indownload-artifact@v8, the newgetOctokitfactory ingithub-script@v9, etc.) are not exercised here.The branch follows the existing merging-rebase layering. Each incremental bump is rooted in the layer where the action reference ultimately lives:
update-github-actions-in-cygwin-cicarrying onefixup!of4bd00d615b Cygwin: CI: update Actions versions(the only Cygwin-layer bump still needed:upload-artifactv6 to v7 incygwin.yml).msys2-ci-fixupscarrying onefixup!ofcd1436184d CI: add a GHA for doing a basic build test(thebuild.yaml
upload-artifactv6->v7 anddownload-artifactv7->v8 bumps).fixup!commits directly on the branch tip, targeting the GFW commits that introduced the additional action references that aren't in upstream MSYS2:fixup! ci: run Git's entire test suite(build.yaml:github-scriptv8->v9,download-artifactv7->v8,upload-artifactv6->v7 x2)fixup! ci: add an AutoHotKey-based integration test(ui-tests.ymldownload-artifactv7->v8)fixup! ci(ui-tests): upload the test logs(ui-tests.ymlupload-artifactv6->v7)While in the area, this PR also adds
amend!commits that replace the dependabot-style boilerplate on five existing GFW-only commits with prose that actually explains what each change does, why, and how it affects the workflow.