Skip to content

chore(deps): update github actions #251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mshafer-NI merged 1 commit into from
Dec 8, 2025
Merged

chore(deps): update github actions #251

mshafer-NI merged 1 commit into from
Dec 8, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 8, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/cache action minor v4.2.4 -> v4.3.0
actions/checkout action minor v2 -> v2.7.0
actions/checkout action minor v4.2.2 -> v4.3.1
actions/checkout action minor v3 -> v3.6.0
actions/setup-python action minor v2 -> v2.3.4
ni/python-actions action minor v0.4.1 -> v0.7.0
pypa/gh-action-pypi-publish action minor v1.12.4 -> v1.13.0
thollander/actions-comment-pull-request action minor v1 -> v1.6.0

Release Notes

actions/cache (actions/cache)

v4.3.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.3.0

actions/checkout (actions/checkout)

v2.7.0

Compare Source

What's Changed

Full Changelog: actions/checkout@v2.6.0...v2.7.0

v2.6.0

Compare Source

What's Changed

Full Changelog: actions/checkout@v2.5.0...v2.6.0

v2.5.0

Compare Source

What's Changed

Full Changelog: actions/checkout@v2...v2.5.0

v2.4.2

Compare Source

What's Changed

Full Changelog: actions/checkout@v2...v2.4.2

v2.4.1

Compare Source

  • Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

v2.4.0

Compare Source

  • Convert SSH URLs like org-<ORG_ID>@&#8203;github.com: to https://github.com/ - pr

v2.3.5

Compare Source

Update dependencies

v2.3.4

Compare Source

v2.3.3

Compare Source

v2.3.2

Compare Source

Add Third Party License Information to Dist Files

v2.3.1

Compare Source

v2.3.0

Compare Source

v2.2.0

Compare Source

v2.1.1

Compare Source

  • Changes to support GHES (here and here)

v2.1.0

Compare Source

actions/setup-python (actions/setup-python)

v2.3.4

Compare Source

What's Changed

In the scope of this patch release, the warning for deprecating Python 2.x was added in #​675 by @​dmitry-shibanov

For more information, check out #​672

Full Changelog: actions/setup-python@v2...v2.3.4

v2.3.3: Update actions/core to 1.10.0 for v2

Compare Source

In scope of this release we update actions/core to 1.10.0 for v2 major tag: #​533.

v2.3.2: Update primary and restore keys for pip

Compare Source

In scope of this release we include a version of python in restore and primary cache keys for pip. Besides, we add temporary fix for Windows caching issue, that the pip cache dir command returns non zero exit code or writes to stderr. Moreover we updated node-fetch dependency.

v2.3.1: Update actions/cache version to 1.0.8

Compare Source

We have updated actions/cache dependency version to 1.0.8 to support 10GB cache upload

v2.3.0: Support caching dependencies

Compare Source

This release introduces dependency caching support (#​266)

Caching dependencies.

The action has a built-in functionality for caching and restoring pip/pipenv dependencies. The cache input is optional, and caching is turned off by default.

Besides, this release introduces dependency caching support for mono repos and repositories with complex structure.

By default, the action searches for the dependency file (requirements.txt for pip or Pipfile.lock for pipenv) in the whole repository. Use the cache-dependency-path input for cases when you want to override current behaviour and use different file for hash generation (for example requirements-dev.txt). This input supports wildcards or a list of file names for caching multiple dependencies.

Caching pip dependencies:
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
  with:
    python-version: '3.9'
    cache: 'pip'
- run: pip install -r requirements.txt
- run: pip test
Caching pipenv dependencies:
steps:
- uses: actions/checkout@v2
- name: Install pipenv
  run: pipx install pipenv
- uses: actions/setup-python@v2
  with:
    python-version: '3.9'
    cache: 'pipenv'
- run: pipenv install
- run: pipenv test
Change dependency file:
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
  with:
    python-version: '3.9'
    cache: 'pip'
    cache-dependency-path: '**/requirements-dev.txt'
- run: pip install -r subdirectory/requirements-dev.txt
- run: pip test

v2.2.2

Compare Source

Address PyPy installation issues on Windows: #​196

v2.2.1

Compare Source

  • Fix PyPy3 issues with Windows

v2.2.0

Compare Source

  • Support for PyPy 3.7 in addition to the current 3.6 support
  • Support for Pre-Release distributions of PyPy
  • Support for PyPy Nighly

v2.1.4

Compare Source

  • Improvements for more reliable setup on self-hosted runners

v2.1.3

Compare Source

  • Updates to NPM dependencies
  • Updates to licenses

v2.1.2

Compare Source

  • Add Third Party License Information

v2.1.1

Compare Source

Fix installation logic to prevent leaving files in GITHUB_WORKSPACE
Related issue: #​101

v2.1.0

Compare Source

  • Support for pre-release Python distributions

v2.0.2

Compare Source

  • Improved logs & output when downloading and setting up Python versions
  • Improvements and updates to downloading Python versions from actions/python-versions

v2.0.1

Compare Source

ni/python-actions (ni/python-actions)

v0.7.0: ni/python-actions v0.7.0

Compare Source

What's Changed

  • analyze-project: Replace extras input with a more general install-args input (#​40)

    • Now you can use install-args to pass whatever arguments you want to poetry install. Example:
    - uses: ni/python-actions/analyze-project@v0
  with:
    project-directory: ${{ github.workspace }}/packages/myproject
    install-args: "--extras 'colors serialization' --with dev,docs,utils"
    • The extras input has been removed. This breaks compatibility, but this project's major version is still 0, so we are only bumping the minor version.

  • setup-poetry: Use temporary directory for Poetry installs (#​41)

    • Originally, the Poetry install directory was $HOME/.local/poetry. This worked fine on GitHub-hosted runners and ephemeral self-hosted runners, but on long-lived self-hosted runners it produces errors when the directory already exists.
    • In v0.6.0, the Poetry install directory was changed to $GITHUB_WORKSPACE/.cache/poetry so that self-hosted runners would automatically clean it up. However, this broke compatibility with clients that run tools that search the entire GitHub workspace for Python files.
    • In v0.6.1, the Poetry install directory was changed to the pipeline directory ($GITHUB_WORKSPACE/..) to hide it from tools that search the entire GitHub workspace. However, this caused a regression for long-lived self-hosted runners.
    • In v0.7.0, the Poetry install directory was changed to $RUNNER_TEMP/poetry, which is cleaned up before/after each job, but which is outside the GitHub workspace. This directory seems to be stable enough that caching is still effective. Hopefully this will be the last change of Poetry install location; if not, we will probably add an input to allow overriding it.

Full Changelog: ni/python-actions@v0.6.1...v0.7.0

v0.6.1: ni/python-actions v0.6.1

Compare Source

Bug Fixes
  • ni/python-actions/analyze-project: Fix #​31 - ni/python-actions/analyze-project does not think mypy is installed (#​32)
  • ni/python-actions/setup-poetry: Fix #​33 - Moving Poetry install directory to $GITHUB_WORKSPACE/.cache breaks nps lint with default excludes (#​34)
What's Changed
  • Enable immutable releases
  • Documentation
    • Replace @v0.2 with @v0 and recommend pinning (#​29)
    • Update analyze-project docs (#​30)
  • ni/python-actions/analyze-project:
    • Use a custom shell to run the venv's python (#​35)
    • Update jakebailey/pyright-action action to v2.3.3 (#​37)
    • Add test scenarios for analyze-project (#​36)

Full Changelog: ni/python-actions@v0.6.0...v0.6.1

v0.6.0: ni/python-actions v0.6.0

Compare Source

What's Changed
  • Add ni/python-actions/analyze-project composite action (#​24)
    • This action analyzes the code quality of a Python project using various linters and type checkers including ni-python-styleguide, mypy (if the mypy package is installed), and pyright (if the 'pyright' package is installed).
  • Change Poetry install directory (#​26)
    • This improves compatibility with self-hosted runners.
    • The Poetry cache key now includes a hash of the Poetry install directory.
  • Add a separate README.md for each action (#​25)
  • Update actions/setup-python action to v6 (#​27)
New Contributors

Full Changelog: ni/python-actions@v0.5.1...v0.6.0

v0.5.1: ni/python-actions v0.5.1

Compare Source

What's Changed
  • update-project-version: Add workaround for chained PRs to PR description text (#​21)

Full Changelog: ni/python-actions@v0.5.0...v0.5.1

v0.5.0: ni/python-actions v0.5.0

Compare Source

What's Changed
  • setup-poetry:
    • Change default Poetry version to 2.1.4 (#​18)
  • update-project-version:
    • Show project names and versions (#​20)
      • The PR body now contains a table showing the project names, versions, and pyproject.toml paths
      • When updating a single project, the PR title now says shows the project name and version, e.g. "chore: Update project nitypes to v1.2.3"
    • Change how branch name is shown (#​20)
      • The branch name is now shown in brackets at the beginning of the PR title, e.g. "[releases/1.2] chore: Update project nitypes to v1.2.3"
      • The branch name is no longer shown for main/master branches.
  • tests:
    • The actions are now tested on macOS (#​15)

Full Changelog: ni/python-actions@v0.4.1...v0.5.0

pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)

v1.13.0

Compare Source

Take the 2025 Python Packaging Survey if you still haven't!

[!important]
🚨 This release includes fixes for GHSA-vxmw-7h4f-hqxh discovered by @​woodruffw💰.
We've also integrated Zizmor to catch similar issues in the future and you should too.

✨ New Stuff

@​woodruffw💰 updated the README to no longer mention the attestations feature being experimental in #​347: it's been rather stable for a year already 🎉
He also added more diagnostic output which includes printing out the GitHub Environment claim via #​371 and warning about the unsupported reusable workflows configurations #​306, when using Trusted Publishing.

[!tip]
The official support for reusable workflows is currently blocked on changes to PyPI. To get updates about progress on the action side, you may want to subscribe to #​166.
At PyCon US 2025 Sprints, @​facutuesca💰, @​miketheman💰, @​woodruffw💰 and I💰 spent several hours IRL brainstorming how to fix this and migrate projects that happen to rely on an obscure corner case with reusable workflows that temporarily allows them to function by accident.
The result of that discussion is posted @​ pypi/warehouse#11096 (comment).
Note that this is a volunteer-led effort and there is no ETA. If you need this soon, make your employer sponsor the PSF and maybe they'll be able to hire somebody for this work on Warehouse.

In addition to that, @​konstin💰 sent #​378 to pin actions/setup-python to a SHA hash. This makes pypi-publish compatible with new GitHub policies that allow organizations to mandate hash-pinning actions used in workflows.

🛠️ Internal Dependencies

@​webknjaz💰 made a bunch of updates to the action runtime which includes bumping it to Python 3.13 in #​331 and updating the dependency tree across the board. pip-with-requires-python is no longer being installed (#​332). Some related bumps were contributed by @​woodruffw💰 (#​359) and @​kurtmckee💰 sent a contributor-facing PR, bumping the linting configuration via #​335.

💪 New Contributors

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.4...v1.13.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

GH Sponsors badge

thollander/actions-comment-pull-request (thollander/actions-comment-pull-request)

v1.6.0: Issues default management

Compare Source

What's Changed

Full Changelog: thollander/actions-comment-pull-request@v1.5.0...v1.6.0

v1.5.0: GITHUB_TOKEN as default + deps

Compare Source

What's Changed
New Contributors

Full Changelog: thollander/actions-comment-pull-request@v1.4.1...v1.5.0

v1.4.1: Reactions - fix action metadata

Compare Source

v1.4.0: Reactions

Compare Source

v1.3.0: Node JS environment #faster

Compare Source

What's Changed

Full Changelog: thollander/actions-comment-pull-request@v1...v1.3.0

v1.2.0: Upsert mode

Compare Source

v1.1.0: Ability to specify PR number to comment on

Compare Source

v1.0.5: Update dependencies

Compare Source

v1.0.4

Compare Source

v1.0.3: Documentation update

Compare Source

v1.0.2: Update dependencies

Compare Source

v1.0.1: fix: docker build fails

Compare Source

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone US/Central, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 8, 2025

Thank you for contributing! 👋

@mshafer-NI mshafer-NI merged commit 3f5c6fa into main Dec 8, 2025
29 checks passed
@renovate renovate bot deleted the users/renovate/github-actions branch December 8, 2025 19:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mshafer-NI mshafer-NI mshafer-NI approved these changes

@irwand irwand Awaiting requested review from irwand irwand is a code owner

@neilvana neilvana Awaiting requested review from neilvana neilvana is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mshafer-NI