Bump actions/upload-artifact from 3 to 4 #258
Conversation
dependabot
bot
added
part:tooling
llucax
left a comment
llucax
left a comment
There was a problem hiding this comment.
Needs investigation and manual updates.
|
I feel like unless there's critical bugs, we should look into updating gh actions only once a year or something. There's no real reason to update what's already working for us, unless they have some new feature that we want. |
|
I was thinking about the same, monthly updates are definitely better than weekly but still seems like it is too often. I feel like yearly might be too seldom, specially because many updates (I would say most of them) work without needing any changes, so I would probably try first bi-yearly and see how that feels. If we could make those updates spread more over the many repos we have I think it would also help to avoid the "dependabot fatigue", specially with breaking updates that need investigation If we have it first in one repo, and only get notified in the others after there was some chance that someone looked into it and we know how to upgrade, it can feel less exhausting than just getting many updates that we need we are not going to do anything about for some time. |
BTW, for me the main reason to update is because the "old" actions might get out of support and maybe there are some security bugs that will not get fixed in the old version. This is why at least to me it is important not to lag too behind the latest versions, even if stuff seems to be working for us with the old version. |
Or maybe every three months? |
|
OK, this doesn't need any changes, just do this and #260 at the same time. |
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v3...v4) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
llucax
force-pushed
the
dependabot/github_actions/actions/upload-artifact-4
branch
from
084f27a to
a395eb5
Compare
|
Force-merging as this was updated in many other repos and it works fine. |
Bumps actions/upload-artifact from 3 to 4.
Release notes
Sourced from actions/upload-artifact's releases.
Commits
c7d193fMerge pull request #466 from actions/v4-beta13131bblicensed cache4a6c273Merge branch 'main' into v4-betaf391bb9Merge pull request #465 from actions/robherley/v4-documentation9653d03Apply suggestions from code review875b630add limitations sectionecb2146add compression example5e7604ftrim some repeated infod6437d0naming1b56155s/v4-beta/v4/gYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)