Replace gh release download with go install in smoke workflow#63
Merged
jeffwidman merged 1 commit intomainfrom Mar 9, 2026
Merged
Replace gh release download with go install in smoke workflow#63jeffwidman merged 1 commit intomainfrom
jeffwidman merged 1 commit intomainfrom
Conversation
Replace `gh release download` for obtaining the Dependabot CLI with `go install github.com/dependabot/cli/cmd/dependabot@latest`. This is simpler, doesn't require gh authentication or tar extraction, and aligns with dependabot/smoke-tests#404. Also simplifies the smoke test download to a single gh api call using the raw content Accept header.
jeffwidman
commented
Mar 9, 2026
| ./dependabot --version | ||
| URL="https://api.github.com/repos/dependabot/smoke-tests/contents/tests/smoke-${SUITE}.yaml" | ||
| curl $(gh api "$URL" --jq .download_url) -o smoke.yaml | ||
| gh api "repos/dependabot/smoke-tests/contents/tests/smoke-${SUITE}.yaml" -H "Accept: application/vnd.github.raw" > smoke.yaml |
Member
Author
There was a problem hiding this comment.
this saves an http call over the curl wrapping gh api
There was a problem hiding this comment.
Pull request overview
This PR simplifies the smoke test workflow by replacing gh release download + tar extraction of the Dependabot CLI with go install, leveraging Go being pre-installed on ubuntu-latest runners. It also streamlines the smoke test YAML download from a two-request pattern (gh api + curl) to a single gh api call using the Accept: application/vnd.github.raw header.
Changes:
- Replaced CLI binary download via
gh release downloadand tar extraction withgo install github.com/dependabot/cli/cmd/dependabot@latest, addingGOPATH/binto$GITHUB_PATH - Simplified smoke test YAML download to a single
gh apicall with a raw content Accept header - Updated
./dependabotreferences todependabot(now resolved via PATH)
jakecoffman
approved these changes
Mar 9, 2026
jeffwidman
commented
Mar 9, 2026
Comment on lines
+38
to
+39
| - name: Add Go bin to PATH | ||
| run: echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH" |
Member
Author
There was a problem hiding this comment.
I forgot that setup-go action adds caching across runs until @yeikel reminded me:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Replace
gh release downloadfor obtaining the Dependabot CLI withgo install github.com/dependabot/cli/cmd/dependabot@latest.Why
ghauthentication required for CLI downloadubuntu-latestrunnersgo installsmoke-tests#404Changes
gh release download+tarwithgo installGOPATH/binto$GITHUB_PATH./dependabottodependabot(now on PATH)gh apicall withAccept: application/vnd.github.rawheader (was two HTTP requests)