Skip to content

Bump the gha-dependencies group across 1 directory with 3 updates #6981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the gha-dependencies group across 1 directory with 3 updates #6981

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 20, 2025
edited
Loading

Bumps the gha-dependencies group with 3 updates in the / directory: actions/checkout, docker/bake-action and astral-sh/setup-uv.

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

Updates docker/bake-action from 5 to 6

Release notes

Sourced from docker/bake-action's releases.

v6.0.0

[!IMPORTANT] This major release uses the Git context to build from a remote bake definition by default like docker/build-push-action does to be consistent.

If you're using docker/metadata-action with bake and a remote bake definition, you need to set the cwd:// prefix to combine the remote one with the local one. More info: docker/bake-action#287

If you want to keep the old behavior using the Path context, you need to update your workflow and set source: .

Full Changelog: docker/bake-action@v5.11.0...v6.0.0

v5.13.0

Full Changelog: docker/bake-action@v5.12.0...v5.13.0

v5.12.0

Full Changelog: docker/bake-action@v5.11.0...v5.12.0

v5.11.0

list-targets subaction changes:

Full Changelog: docker/bake-action@v5.10.0...v5.11.0

v5.10.0

Full Changelog: docker/bake-action@v5.9.0...v5.10.0

v5.9.0

Full Changelog: docker/bake-action@v5.8.0...v5.9.0

v5.8.0

... (truncated)

Commits
  • 3acf805 Merge pull request #345 from crazy-max/update-yarn
  • f6376ff update yarn to 4.9.2
  • 60b3af6 Merge pull request #344 from crazy-max/update-dev
  • f08ef55 chore: update generated content
  • c22b348 update dev dependencies
  • 40bffc1 Merge pull request #342 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • d7a0b5e chore: update generated content
  • 3965f4b chore(deps): Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0
  • 3d864c3 Merge pull request #341 from docker/dependabot/npm_and_yarn/tmp-0.2.4
  • 3589b0c chore: update generated content
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 5.2.1 to 6.5.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v6.5.0 🌈 Better error messages, bug fixes and copilot agent settings

Changes

This release brings better error messages in case the GitHub API is impacted, fixes a few bugs and allows to disable problem matchers for better use in Copilot Agent workspaces.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v6.4.3 🌈 fix relative paths starting with dots

🐛 Bug fixes

v6.4.2 🌈 Interpret relative inputs as under working-directory

Changes

This release will interpret relative paths in inputs as relative to the value of working-directory (default is ${{ github.workspace }}) . This means the following configuration

- uses: astral-sh/setup-uv@v6
   with:
     working-directory: /my/path
     cache-dependency-glob: uv.lock

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Aug 20, 2025
danielhollas
danielhollas requested changes Aug 20, 2025
View reviewed changes
Copy link
Collaborator

@danielhollas danielhollas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am very confused as to why this PR is not triggering the docker build (from docker.yml). I don't even see it being skipped among the other workflows?

https://github.com/aiidateam/aiida-core/pull/6981/checks

Should be investigated before merge to validate that the bake-action bump works.

@danielhollas danielhollas mentioned this pull request Aug 20, 2025
Closed
@dependabot
Bump the gha-dependencies group across 1 directory with 3 updates
9f2bef9 
Bumps the gha-dependencies group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [docker/bake-action](https://github.com/docker/bake-action) and [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

Updates `docker/bake-action` from 5 to 6
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](docker/bake-action@v5...v6)

Updates `astral-sh/setup-uv` from 5.2.1 to 6.5.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v5.2.1...v6.5.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha-dependencies
- dependency-name: docker/bake-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha-dependencies
- dependency-name: astral-sh/setup-uv
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/gha-dependencies-f0177840fc branch from 5966e0a to 9f2bef9 Compare September 1, 2025 02:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielhollas danielhollas danielhollas requested changes

@agoscinski agoscinski Awaiting requested review from agoscinski

@unkcpz unkcpz Awaiting requested review from unkcpz

Requested changes must be addressed to merge this pull request.

Assignees

@agoscinski agoscinski

Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danielhollas @agoscinski