Skip to content

build(deps): bump the github-actions group across 1 directory with 2 updates #4728

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

build(deps): bump the github-actions group across 1 directory with 2 updates #4728

wants to merge 6 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 28, 2025
edited
Loading

Bumps the github-actions group with 2 updates in the / directory: updatecli/updatecli-action and golangci/golangci-lint-action.

Updates updatecli/updatecli-action from 2.79.0 to 2.80.0

Release notes

Sourced from updatecli/updatecli-action's releases.

v2.80.0 🌈

Changes

🧰 Maintenance

Contributors

@​updateclibot[bot] and updateclibot[bot]

Commits

Updates golangci/golangci-lint-action from 6.5.2 to 7.0.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v7.0.0

⚠️ The GitHub Action v7 supports golangci-lint v2 only. ⚠️

What's Changed

Changes

Documentation

Dependencies

New Contributors

Full Changelog: golangci/golangci-lint-action@v6.5.2...v7.0.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot requested a review from a team March 28, 2025 08:06
@dependabot dependabot bot requested a review from a team as a code owner March 28, 2025 08:06
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 28, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 28, 2025

Reviewers

The following teams could not be added as reviewers: observablt-ci. Either the team does not exist or it does not have the correct permissions to be added as a reviewer.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested review from ycombinator and blakerouse March 28, 2025 08:06
@mergify Mergify
Copy link
Contributor

mergify bot commented Mar 28, 2025

This pull request does not have a backport label. Could you fix it @dependabot[bot]? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit
  • backport-active-all is the label that automatically backports to all active branches.
  • backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
  • backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

@dependabot
build(deps): bump the github-actions group across 1 directory with 2 …
039d387 
…updates

Bumps the github-actions group with 2 updates in the / directory: [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action).


Updates `updatecli/updatecli-action` from 2.79.0 to 2.80.0
- [Release notes](https://github.com/updatecli/updatecli-action/releases)
- [Commits](updatecli/updatecli-action@b0d4fd8...339fdb3)

Updates `golangci/golangci-lint-action` from 6.5.2 to 7.0.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@55c2c14...1481404)

---
updated-dependencies:
- dependency-name: updatecli/updatecli-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-01d9c0575c branch from 7e6a1a4 to 039d387 Compare March 30, 2025 22:09
@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Apr 1, 2025
@ycombinator ycombinator enabled auto-merge (squash) April 2, 2025 18:54
ycombinator
ycombinator previously approved these changes Apr 2, 2025
View reviewed changes
@ycombinator
Copy link
Contributor

The golangci-lint check is failing like so:

Error: Failed to run: Error: invalid version string 'v1.64.5', golangci-lint v1 is not supported by golangci-lint-action v7., Error: invalid version string 'v1.64.5', golangci-lint v1 is not supported by golangci-lint-action v7.
    at parseVersion (/home/runner/work/_actions/golangci/golangci-lint-action/1481404843c368bc19ca9406f87d6e0fc97bdcfd/dist/run/index.js:93236:15)
    at getRequestedVersion (/home/runner/work/_actions/golangci/golangci-lint-action/1481404843c368bc19ca9406f87d6e0fc97bdcfd/dist/run/index.js:93285:36)
    at getVersion (/home/runner/work/_actions/golangci/golangci-lint-action/1481404843c368bc19ca9406f87d6e0fc97bdcfd/dist/run/index.js:93318:24)
    at install (/home/runner/work/_actions/golangci/golangci-lint-action/1481404843c368bc19ca9406f87d6e0fc97bdcfd/dist/run/index.js:92540:56)
    at prepareEnv (/home/runner/work/_actions/golangci/golangci-lint-action/1481404843c368bc19ca9406f87d6e0fc97bdcfd/dist/run/index.js:92855:49)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Error: invalid version string 'v1.64.5', golangci-lint v1 is not supported by golangci-lint-action v7.

This if happening because, according to https://github.com/golangci/golangci-lint-action?tab=readme-ov-file#compatibility, golangci-lint-action@v7 requires golangci-lint@v2 at minimum.

@ycombinator ycombinator disabled auto-merge April 2, 2025 20:11
@ycombinator
Copy link
Contributor

This if happening because, according to https://github.com/golangci/golangci-lint-action?tab=readme-ov-file#compatibility, golangci-lint-action@v7 requires golangci-lint@v2 at minimum.

I bumped up the version of golangci-lint to v2 in the golangci-lint-action configuration file but that requires migrating the .golangci-lint configuration file to v2 as well. I did in by running golangci-lint migrate. I will now gradually try to bring the new v2 configuration to be as close to the original one. Marking this PR as WIP until this is done.

@ycombinator ycombinator marked this pull request as draft April 2, 2025 20:11
@ycombinator ycombinator force-pushed the dependabot/github_actions/github-actions-01d9c0575c branch from ad85dfd to c1f2d87 Compare April 7, 2025 19:16
@ycombinator ycombinator marked this pull request as ready for review April 7, 2025 19:28
v1v
v1v reviewed Apr 7, 2025
View reviewed changes
.github/workflows/bump-elastic-stack-snapshot.yml Outdated
@@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v4

- name: Install Updatecli in the runner
uses: updatecli/updatecli-action@b0d4fd84ae72108930c9adb83bb4beba1acbaf9f # v2.79.0
uses: updatecli/updatecli-action@339fdb3f3bf66d14fe5830248b4e893990415cd0 # v2.80.0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If possible, let's avoid the bump, I'm working on fixing some of the existing issues with the current approach for Beats, and eventually here too.

See elastic/beats#43743

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I can revert the updatecli/updatecli-action version bump in this PR. Just to double check, there is no problem with keeping the golangci/golangci-lint-action version bump in this PR, correct, @v1v?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, correct, thanks @ycombinator

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, done.

@ycombinator ycombinator requested a review from v1v April 7, 2025 21:53
@ycombinator ycombinator force-pushed the dependabot/github_actions/github-actions-01d9c0575c branch from 19b6888 to cda53ce Compare April 7, 2025 21:55
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ycombinator ycombinator ycombinator left review comments

@v1v v1v v1v approved these changes

@blakerouse blakerouse Awaiting requested review from blakerouse blakerouse is a code owner automatically assigned from elastic/elastic-agent-control-plane

@michel-laterman michel-laterman Awaiting requested review from michel-laterman

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ycombinator @v1v @pierrehilbert