chore: Updates action versions and add dependabot to check monthly for updates #824
Conversation
|
I see that you addressed actions/upload-artifact#478, that's good thank you very much. Can I see the result of an upload? I would like to know if this will result in dozens of files to download separately or if it still possible to download all of them with one click. In psycopg 2 we had a script to do that, so if it becomes a need in psycopg 3 too we can resume it and adapt it. It was dropped in this commit: psycopg/psycopg2@0b01ded |
|
If you have a look at the runs from my fork, it is a bunch of artifacts that would be downloaded individually. If you'd like, there is a possibility to merge them all I can look into, so it would be a single artifact in the end. Edit: It was hard to link from my phone. For some examples: https://github.com/stumpylog/psycopg/actions/runs/9136644822 or https://github.com/stumpylog/psycopg/actions/runs/9135244783 It's a pretty long list in the binary build :/ |
|
Hello, thank you, yes, I found your job. You can understand well that it is not feasible that to make a release I should click and download manually all these items. And I am not interested in a workflow pushing artifacts automatically from github to pypi: it's too dangerous. I would be ok to either have all the artifacts packaged in a single archive or to have a script to download all of them. |
.github/dependabot.yml
Outdated
| update-types: | ||
| - "major" | ||
| - "minor" | ||
| - "patch" |
There was a problem hiding this comment.
Please make sure that there is a newline at the end of the file.
|
Yep, I figured that might be the case. I'm testing what the merge will look like with the worse case workflow. That will give each workflow a single artifact/zip. |
|
Alright, all the test runs in I chose the |
|
I chose the if: always() so even if some jobs fail, any produced
artifacts still end up merged together.
This seems a dangerous idea. We might end up making a release with a file
missing. I think that failing hard and rerun the build is a better option,
no?
… |
|
Certainly up to you, I'm not familiar enough with the release process here. My thought was someone might want to download the artifact to investigate something, and it would be clear enough that jobs failed it wouldn't be used. But I'm happen to change that |
.github/dependabot.yml
Outdated
|
|
||
| # Enable updates for GitHub Actions | ||
| - package-ecosystem: "github-actions" | ||
| target-branch: "dev" |
There was a problem hiding this comment.
Sorry, just checked this... is this correct? Shouldn't it be master?
.github/workflows/packages-bin.yml
Outdated
| uses: actions/upload-artifact/merge@v4 | ||
| with: | ||
| name: psycopg-binary-artifact | ||
| delete-merged: true |
There was a problem hiding this comment.
Please add an end of line to every file.
|
Hello! Sorry, I was about to merge this MR because, looking at your artifacts it seems to do the right thing. So I've force-pushed to squash two temporary commits, but then noticed a couple of issues. So please pull before changing them. Thank you very much! |
|
(I have fixed the typo causing lint error on master, so a further rebase will clean the failed check). |
|
No problem, I'll get those fixed up when I'm back at a computer |
Updates the actions which could be done with little to minimal changes.. Includes a monthly dependabot check for actions now.
This is motivated by recent updates to the Node 16 availability for runners: https://github.blog/changelog/2024-05-17-updated-dates-for-actions-runner-using-node20-instead-of-node16-by-default/
Changelogs for review:
Other possible updates:
Builds seem to be fine: