@cclauss (Contributor) commented Sep 2, 2025

Summary

Dependabot: Monthly upgrades to GitHub Actions

Checklist

  • I understand that this PR may be closed in case there was no previous discussion. (This doesn't apply to typos!)
  • I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
  • I've updated the documentation accordingly.

GitHub Actions are only used at CI test-time, while most other dependencies are also used at runtime. This means that if the CI tests pass, maintainers have more confidence that the proposed changes will not break runtime.

GitHub Actions have very infrequent major version changes. setup-python, the most frequent, has only had five major upgrades in its lifetime.

When GitHub Actions are upgraded, it often happens in batches. The pattern: * proposed in this PR will consolidate all GHA updates into a single pull request to further reduce chattiness. Please see the example output provided above.

There is a tradeoff between supply chain security and chattiness. Given that we have a few GHAs that are updated rarely and usually in batches, we are using pattern: * to ensure that there will only ever be a single GHA upgrade PR at a time.
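
A `.github/dependabot.yml` of the kind this description outlines, added here as an illustration and not taken from the PR's own diff. The group name `github-actions` and the `directory` value are assumptions; in the file itself the grouping key is spelled `patterns`.

```yaml
# Added example, not the PR's actual change.
version: 2
updates:
  # Only the workflow actions under .github/workflows are covered here;
  # runtime dependencies would need their own entry.
  - package-ecosystem: "github-actions"
    directory: "/"            # assumed: repository root
    schedule:
      interval: "monthly"     # one update check per month
    groups:
      github-actions:         # hypothetical group name
        patterns:
          - "*"               # match every action, so all bumps land in one PR
```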
