From c0a4d633d3c0e0df463ca5d761c6d8c4ac86d886 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 3 May 2026 13:22:20 +0200 Subject: [PATCH 01/10] amend! Cygwin: CI: update Actions versions Cygwin: CI: update Actions versions Update both versioned actions in `cygwin.yml` to current major versions: `actions/checkout` from v3 to v6 (in both invocations: the Fedora cross-build job and the windows-2022 native build job) and `actions/upload-artifact` from v4 to v6 (the "Upload test logs" step that publishes the testsuite `*.log` and `*.trs` artifacts). All three call sites use the actions with default arguments, so the bumps are behaviorally transparent: they exist purely to advance the underlying Node.js runtime to v24 on the GitHub Actions runners and to retire the v3/v4 deprecation warnings emitted on each workflow run. Cygwin upstream's `cygwin.yml` still pins the older v3 and v4 revisions. Carrying this bump in the Git for Windows fork keeps the fork's CI clean ahead of upstream catching up at the next merging-rebase. Originally-authored-by: dependabot[bot] Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin From 8261c5f5c09cde83bd9854dc3fa6d57164404fca Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 3 May 2026 13:22:23 +0200 Subject: [PATCH 02/10] fixup! Cygwin: CI: update Actions versions Bring `actions/upload-artifact` in `cygwin.yml` from v6 up to v7. The v7 major release adds an optional `archive: false` mode for uploading a single file unzipped and migrates the action's internal implementation to ESM modules. Neither change affects the existing "Upload test logs" step, which continues to upload a directory tree of `*.log` and `*.trs` files via the default zipped-archive mode. See https://github.com/actions/upload-artifact/releases/tag/v7.0.0 for the v7 release notes. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin --- .github/workflows/cygwin.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cygwin.yml b/.github/workflows/cygwin.yml index 4bf00cb175..62c8033f70 100644 --- a/.github/workflows/cygwin.yml +++ b/.github/workflows/cygwin.yml @@ -168,7 +168,7 @@ jobs: # upload test logs to facilitate investigation of problems - name: Upload test logs - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: testlogs path: | From fa25a3199748c85ea1d648658275e012854faaac Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 3 May 2026 14:38:25 +0200 Subject: [PATCH 03/10] amend! b72ad68c3674a872703b2b53d79887a2ef5a87f5 fixup! CI: add a GHA for doing a basic build test Bring the two artifact actions in `build.yaml` up from the v4 revisions that existed when the workflow was originally introduced in 2020: `actions/upload-artifact` from v4 to v6 (the "Upload" step that publishes the just-built `_dest/` install tree as the `install` artifact) and `actions/download-artifact` from v4 to v7 (the "Download msys2-runtime artifact" step in the `msys2-tests` job that overlays that artifact on top of the runner's MSYS2 installation). Both steps invoke the actions with default arguments, so the bumps are behaviorally transparent: they advance the Node.js runtime on the runners and retire the v4 deprecation warnings without altering the upload or download semantics. The asymmetric target versions (upload v6, download v7) simply reflect each action's then-current latest major release. Originally-authored-by: dependabot[bot] Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin From d19d4bdfc554bb199205358ce790c6a918f68913 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 3 May 2026 14:38:26 +0200 Subject: [PATCH 04/10] amend! 9e748a0697da1998171961887c0b0009f58b35f7 fixup! CI: add a GHA for doing a basic build test Bring `actions/checkout` in `build.yaml` up from v4 (untouched since the workflow was first introduced in 2020) to the current latest major v6. The single "Checkout code" step uses default settings, so the bump is behaviorally transparent: it advances the underlying Node.js runtime on the GitHub Actions runner and retires the v4 deprecation warning without changing checkout semantics. Originally-authored-by: dependabot[bot] Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin From b6fdf016aed7804cf701d30e50b0ba087a842e88 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 3 May 2026 14:38:26 +0200 Subject: [PATCH 05/10] fixup! CI: add a GHA for doing a basic build test Bring the two artifact actions in `build.yaml` up to the latest stable major versions: `actions/upload-artifact` from v6 to v7, and `actions/download-artifact` from v7 to v8. The `actions/checkout` step remains on v6, which is still the current latest major. The v7 release of `actions/upload-artifact` (see https://github.com/actions/upload-artifact/releases/tag/v7.0.0) adds an optional `archive: false` mode for uploading a single file unzipped, and migrates the package to ESM modules. The "Upload" step here packages the entire `_dest/` install directory as an artifact, so the default zipped-archive mode continues to apply unchanged. The v8 release of `actions/download-artifact` (see https://github.com/actions/download-artifact/releases/tag/v8.0.0) makes two behavior changes that matter for callers. Firstly, the action now inspects the `Content-Type` header before unzipping and skips non-zipped artifacts, complementing the new direct-upload mode in `upload-artifact@v7`; the msys2-runtime install artifact uploaded earlier in this workflow continues to be a zipped archive and is therefore unzipped as before into the MSYS2 install root. Secondly, hash-digest mismatches between the requested artifact and the downloaded payload now fail the step by default (the previous behavior only emitted a warning); the new `digest-mismatch` input can be set back to `warn` if needed, but failing fast is the safer default for a CI flow that immediately overlays the downloaded files on top of the live MSYS2 installation. Both major version bumps additionally pull in the ESM migration from the underlying `@actions/*` toolkit packages, which is transparent for this workflow. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8ab8d4e1f0..78d50b9a88 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -33,7 +33,7 @@ jobs: make DESTDIR="$(pwd)"/_dest install - name: Upload - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: install path: _dest/ @@ -81,7 +81,7 @@ jobs: msys2 -c 'pacman --noconfirm -Suu' - name: Download msys2-runtime artifact - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: install path: ${{ steps.msys2.outputs.msys2-location }} From 8421a39c6d1685d4d2f81fa3e97232538fead812 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 16:29:09 +0200 Subject: [PATCH 06/10] fixup! ci: run Git's entire test suite Bring the three actions newly introduced by this commit in `build.yaml` up to their latest stable major versions. `actions/github-script` is bumped from v8 to v9. The v9 release (see https://github.com/actions/github-script/releases/tag/v9.0.0) upgrades the bundled `@actions/github` package to v9, which is now ESM-only, and exposes a new `getOctokit` factory function as a script parameter for callers that need additional authenticated clients. It also drops the ability to redeclare `getOctokit` via `const`/`let`, and removes the `require('@actions/github')` escape hatch. The script invoked here only uses the injected `github` client to call `github.rest.actions.listWorkflowRuns` for the latest successful `ci-artifacts.yml` run, so none of the breaking changes apply. `actions/download-artifact` is bumped from v7 to v8. The v8 release (see https://github.com/actions/download-artifact/releases/tag/v8.0.0) inspects the `Content-Type` header before unzipping (so the new unzipped uploads from `upload-artifact@v7` round-trip correctly) and makes hash-digest mismatches fail the step by default rather than emitting a warning; both changes are safe for the `install` artifact downloaded here, which is the zipped `_dest/` archive produced earlier in the same workflow run. `actions/upload-artifact` is bumped from v6 to v7 in the "upload minimal-sdk artifact" and "upload git artifacts for testing" steps, matching the bump that is already applied to the "Upload" step via the msys2-ci-fixups merge. Both steps upload a single `*.tar.gz` file, so they continue to use the default zipped-archive mode and are unaffected by the new `archive: false` option. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin --- .github/workflows/build.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index fbdfa057d9..9233525634 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -50,7 +50,7 @@ jobs: # Cannot just grab from https://github.com/git-for-windows/git-sdk-64/releases/tag/ci-artifacts # because we also need the git-artifacts id: ci-artifacts-run-id - uses: actions/github-script@v8 + uses: actions/github-script@v9 with: script: | const [ owner, repo ] = process.env.G4W_SDK_REPO.split('/') @@ -80,7 +80,7 @@ jobs: exit $? done ls -la - - uses: actions/download-artifact@v7 + - uses: actions/download-artifact@v8 with: name: install path: install @@ -94,7 +94,7 @@ jobs: tar -C ../install -cf - . | tar xf - && tar cvf - * .[0-9A-Za-z]* | gzip -1 >../git-sdk-x86_64-minimal.tar.gz - name: upload minimal-sdk artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: minimal-sdk path: git-sdk-x86_64-minimal.tar.gz @@ -107,7 +107,7 @@ jobs: echo "result=$(tar Oxf git-artifacts.tar.gz git/bin-wrappers/git | sed -n 's|^GIT_EXEC_PATH='\''\(.*\)/git'\''$|\1|p')" >>$GITHUB_OUTPUT - name: upload git artifacts for testing - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: git-artifacts path: git-artifacts.tar.gz From ef2dc42460b4259ec0be3b7f10599431e213c83c Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 17:10:22 +0200 Subject: [PATCH 07/10] fixup! ci: add an AutoHotKey-based integration test Bring the `actions/download-artifact` step that fetches the msys2-runtime build artifact in `ui-tests.yml` from v7 up to v8, matching the bumps applied to the other download-artifact steps in `build.yaml` via the msys2-ci-fixups merge and the companion `fixup! ci: run Git's entire test suite` commit. The v8 release (see https://github.com/actions/download-artifact/releases/tag/v8.0.0) checks the artifact's `Content-Type` header before unzipping (so the new unzipped uploads from `upload-artifact@v7` round-trip correctly) and turns hash-digest mismatches into hard errors instead of warnings. The artifact downloaded here is the zipped msys2-runtime install tree produced by the upstream `build` job, which uses the default zipped upload mode, so the new behavior applies cleanly: the archive is still unzipped into `${{ runner.temp }}/artifacts` as before, and any digest mismatch will now correctly fail the step rather than silently corrupting the MSYS2 install. The other actions referenced in this workflow (`actions/checkout` v6, `actions/cache/restore` v5, `actions/cache/save` v5, and `actions/setup-node` v6) are already at the current latest major versions and need no change here. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin --- .github/workflows/ui-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ui-tests.yml b/.github/workflows/ui-tests.yml index ab60a04a3f..24420c6076 100644 --- a/.github/workflows/ui-tests.yml +++ b/.github/workflows/ui-tests.yml @@ -23,7 +23,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/download-artifact@v7 + - uses: actions/download-artifact@v8 with: name: ${{ inputs.msys2-runtime-artifact-name }} path: ${{ runner.temp }}/artifacts From 6c5e11a2d195e07bf7aa2bdc678a84924f1f207c Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 17:13:01 +0200 Subject: [PATCH 08/10] fixup! ci(ui-tests): upload the test logs Bring the `actions/upload-artifact` step that publishes the `ui-tests-${{ matrix.os }}` artifact from v6 up to v7, completing the upload-artifact bump that the cygwin-CI and msys2-ci-fixups sub-branch merges and the companion `fixup! ci: run Git's entire test suite` commit have already applied to all the other upload-artifact steps in this branch. The v7 release (see https://github.com/actions/upload-artifact/releases/tag/v7.0.0) adds an optional `archive: false` mode for uploading a single file unzipped, and migrates the bundled `@actions/*` packages to ESM. The "Upload test results" step uploads the entire `ui-tests` directory (the AutoHotKey scripts, screenshots, and `.log` files captured by the test run), so it continues to use the default zipped-archive mode and is not affected by the new option. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin --- .github/workflows/ui-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ui-tests.yml b/.github/workflows/ui-tests.yml index 24420c6076..96dfd41bd4 100644 --- a/.github/workflows/ui-tests.yml +++ b/.github/workflows/ui-tests.yml @@ -183,7 +183,7 @@ jobs: screenshot $bounds "ui-tests/screenshot.png" - name: Upload test results if: always() - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ui-tests-${{ matrix.os }} path: ui-tests From 1f7279ce3cfe99e21543c20c61f857f08ae31284 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 3 May 2026 15:28:04 +0200 Subject: [PATCH 09/10] amend! dependabot: help keeping GitHub Actions versions up to date dependabot: help keeping GitHub Actions versions up to date Add a minimal `.github/dependabot.yml` that subscribes the `github-actions` ecosystem at the repository root to weekly Dependabot scans. With this enabled, Dependabot opens a pull request whenever any GitHub Action referenced in `.github/workflows/*.yml` publishes a new release. Without this configuration, Action versions in this fork's CI silently drift behind their upstream releases until somebody notices a deprecation warning or a behavior change in CI. Letting Dependabot file the PRs preserves the manual review step (the maintainer still decides whether to merge each individual bump) while removing the busywork of polling each action's release page. The configuration follows the GitHub Actions example at https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#enabling-dependabot-version-updates-for-actions verbatim with no extra options. Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin From bdbb25822ae3bc7bb2cf9654971c4448de9520f9 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Sun, 3 May 2026 15:28:05 +0200 Subject: [PATCH 10/10] amend! ci: run Git's entire test suite ci: run Git's entire test suite One particularly important part of Git for Windows' MSYS2 runtime is that it is used to run Git's tests, and regressions have happened there. For example, the first iteration of MSYS2 runtime v3.5.5 caused plenty of hangs. This was realized unfortunately only after deploying the msys2-runtime Pacman package, and some painful vacation-time scrambling was required to revert to v3.5.4. To verify that this does not happen anymore, this commit reuses what `setup-git-for-windows-sdk` uses in Git's very own CI: determine the latest successful `ci-artifacts` workflow run in `git-for-windows/git-sdk-64`, download its Git files, build artifacts, and minimal SDK, overwrite the MSYS2 runtime in the minimal SDK with the just-built version, and then run Git's test suite and the assorted validations exactly as the `ci-artifacts` workflow runs them (and from which these jobs are copied). This obviously adds a hefty time penalty (around 7 minutes!) to every MSYS2 runtime PR in the git-for-windows org. Happily, these days we don't need many of those, and the balance between things like the v3.5.5 scramble and waiting a little longer for the CI to finish is clearly in favor of the latter. Co-authored-by: Jeremy Drake Assisted-by: Claude Opus 4.7 Signed-off-by: Johannes Schindelin