Skip to content

build(actions): bump actions/download-artifact from 4.1.9 to 4.2.1 in the github-actions group #770

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(actions): bump actions/download-artifact from 4.1.9 to 4.2.1 in the github-actions group #770

wants to merge 1 commit into from
+3 −3

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 9, 2025
edited
Loading

Bumps the github-actions group with 1 update: actions/download-artifact.

Updates actions/download-artifact from 4.1.9 to 4.2.1

Release notes

Sourced from actions/download-artifact's releases.

v4.2.1

What's Changed

Full Changelog: actions/download-artifact@v4.2.0...v4.2.1

v4.2.0

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v4.1.9...v4.2.0

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies:ci Related with pipelines dependencies label Apr 9, 2025
@dependabot dependabot bot requested a review from a team as a code owner April 9, 2025 08:35
@github-actions github-actions bot added the ci Pipelines maintenance related label Apr 9, 2025
@jorgepiloto jorgepiloto added this to the ansys/actions@v9 milestone Apr 9, 2025
@RobPasMue
Copy link
Member

@SMoraisAnsys @jorgepiloto -- something weird happened. Both the bot and dependabot "passed" the restrictions apparently. Or did any of you approve?

@jorgepiloto
Copy link
Member

I only saw the block for the PyAnsys CI bot. The one for dependabot passed without me rebasing or approving.

@RobPasMue
Copy link
Member

Yeah something's off with the mechanism. This will require further investigation

@RobPasMue
Copy link
Member

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-df023fe863 branch from 4493e92 to a46c2b1 Compare April 9, 2025 12:22
@RobPasMue
Copy link
Member

I think I understand what's going on...

  • The stage "block-pyansys-ci-bot" failed because the changelog fragment was created by the bot
  • Same happens in the commit before a46c2b1 but in this case with dependabot (since dependabot is the one committing).
  • However, this means that the "Manual approval" stage gets skipped since it is dependent on the two previous ones...
  • One of the conditions we have on the rest of the PR workflow is that if the Manual approval stage gets skipped, we assume that it does not require a manual approval... and thus continues to execute.

We have to refactor our action so that if either of the block-* steps fail.. we also trigger the Manual approval stage. What do you think @SMoraisAnsys?

@RobPasMue
Copy link
Member

RobPasMue commented Apr 9, 2025
edited
Loading

I tried to "fake" the process here:

#773

  • I created a PR with "dependabot/**" as the ref name.
  • The block-* stages went forward because I am neither the dependabot bot nor the pyansys-ci-bot.
  • I arrived the Manual approval stage and cancelled the workflow.

My feeling is that the Manual approval stage should ONLY be accessed if either of the block-* stages fail. If both of them are green, THEN we should skip the Manual approval.

I'll open a PR with these changes... but looking forward to your feedback

@RobPasMue RobPasMue mentioned this pull request Apr 9, 2025
Merged
@RobPasMue
Copy link
Member

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-df023fe863 branch from d31f8fe to 42fe8b0 Compare April 10, 2025 07:36
@RobPasMue
Copy link
Member

Awesome -- it worked!

@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-df023fe863 branch from 1da26e1 to 7bd19cf Compare April 16, 2025 08:03
@SMoraisAnsys
Copy link
Contributor

@dependabot rebase

@dependabot
build(actions): bump actions/download-artifact
e9bcc70 
Bumps the github-actions group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/download-artifact` from 4.1.9 to 4.2.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4.1.9...95815c3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-df023fe863 branch from 7bd19cf to e9bcc70 Compare April 18, 2025 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ci Pipelines maintenance related dependencies:ci Related with pipelines dependencies
Projects
None yet
Milestone
ansys/actions@v10
Development

Successfully merging this pull request may close these issues.
4 participants
@RobPasMue @jorgepiloto @SMoraisAnsys @pyansys-ci-bot