chore(deps): update github actions (major) #1952

renovate · 2024-07-22T20:49:06Z

This PR contains the following updates:

Package	Type	Update	Change
docker/bake-action	action	major	`v4.6.0` -> `v5.5.0`
snok/container-retention-policy	action	major	`v2.2.1` -> `v3.0.0`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

docker/bake-action (docker/bake-action)

[!NOTE]
This major release adds support for generating Build summary and exporting build records for your builds. You can disable this feature by setting DOCKER_BUILD_NO_SUMMARY: true environment variable in your workflow.

Full Changelog: docker/bake-action@v4.6.0...v5.0.0

snok/container-retention-policy (snok/container-retention-policy)

`v3.0.0`

Compare Source

v3.0.0

Disclaimer: This release breaks the API of the action to a large degree. It might be wise to run the action with dry-run: true after upgrading.

This release is a complete rewrite of the action, tackling most if not all open issues in the issue tracker. Some of the highlights include:

Simplifying and consolidating the inputs of the action
Improving the runtime performance, and the initialization time of the action in CI
Support for multi-platform packages
Support for new token types (secrets.GITHUB_TOKEN and Github app tokens)
Much better handling of GitHub API rate limits

💥 There are a lot of breaking changes, so we've included a migration guide at the bottom of this post, to make things a bit simpler.

Since the release introduces a few thousand lines of code, we expect there may be a few things left to iron out. If you run into any problems, please share them in the v3 release issue.

In addition to what's mentioned above, other new features and changes include:

Significant effort has been spent on improving the logging, to give better insights into what exactly is happening
Updated license from BSD-3 to MIT.
The available syntax for image-names and image-tags previously allowed wildcards (using the * character). We now also allow the ? character to express a single-character wildcard. For example, the pattern ca? will match car and cat. See the wildmatch docs for details.

In addition to changing the inputs of the action (more details below), there are a few other breaking changes:

We'll no longer maintain mutable major and minor version tags for the action. There will be no v3 target for the action, just v3.0.0 and other exact versions. Mutable major version tags are generally hard to maintain and not much safer than tracking the main branch, so more precise tag tracking should reduce the likelihood of broken runs going forward. Paired with dependabot, upgrading should not be much harder than it has been.
The needs-assistance output was deleted

And in terms of performance improvements:

The action has been rewritten from a composite action to a container action, and the total size of the new image is < 10Mi.
The action would previously take ~30 seconds to initialize and would require a Python runtime. The action now starts in less than a second, and runs as a standalone binary.
The runtime of the action has been reduced, and assuming we need to delete less than 180 package versions, the action completes in, at most, a few seconds. See this example of a recent run. When we have to delete more than 180 package versions, there's a minute of waiting for every 180 new package versions, as a consequence of GitHub's secondary API rate limits. See the new README for details.

Migration guide

The account-type and org-name inputs have been replaced with account, which should be set to the literal string "user" if you previously used account-type: personal and to the organization name otherwise:
```
- account-type: personal
+ account: user
```
or
```
- account-type: organization
- org-name: acme
+ account: acme
```

The filter-tags key has been renamed to image-tags

- filter-tags: *-prod
+ image-tags: "*-prod"

The token-type input has been removed. If you previously used token-type: github-token, then you can now instead pass the secret value to token and have the type of token be auto-detected:
```
- token-type: github-token
+ token: ${{ secrets.GITHUB_TOKEN }}
```
In other words, we've consolidated token-type and token into a single arg.
The skip-tags input has been removed. If you previously used skip-tags: latest, you should now specify a negative glob pattern in image-tags.
```
- filter-tags: l*
- skip-tags: latest
+ image-tags: "l* !latest"
```
In other words, we've consolidated the two arguments, by adding support for the ! operator, which means "not".
The filter-include-untagged and untagged-only inputs were removed.

filter-include-untagged previously enabled you to opt-out of deleting untagged images, while untagged-only would allow you to opt-out of deleting tagged images. This was a bit confusing, even for me.

To make things simpler, these have been collapsed into one argument, called tag-selection which accepts the string values tagged, untagged, or both.
```
- filter-include-untagged: true
- untagged-only: false
+ tag-selection: both
```
or
```
- filter-include-untagged: true
- untagged-only: true
+ tag-selection: untagged
```
The cut-off input no longer accepts human-readable datetimes. Instead, it accepts the inputs listed here. For example:
```
- cut-off: two hours and 5 minutes ago UTC+2
+ cut-off: 2h 5m
```
or
```
- cut-off: One week ago UTC
+ cut-off: 1w
```
There is no longer timezone support built-into this option. All durations are relative to the current time, UTC.

Configuration

📅 Schedule: Branch creation - "after 8am on Monday" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-08-01T07:39:10Z

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

chore(deps): update github actions

4f4524a

renovate bot requested a review from a team as a code owner July 22, 2024 20:49

renovate bot added ci Continious Integration related PRs dependencies Pull requests that update a dependency file labels Jul 22, 2024

fix : replace deprecated inputs

3f3ec38

fix: download artifact failure

c4f567b

paralta approved these changes Aug 1, 2024

View reviewed changes

paralta enabled auto-merge August 1, 2024 08:22

paralta self-assigned this Aug 1, 2024

paralta added this pull request to the merge queue Aug 1, 2024

Merged via the queue into main with commit 940d351 Aug 1, 2024
17 checks passed

paralta deleted the renovate/major-github-actions branch August 1, 2024 09:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update github actions (major) #1952

chore(deps): update github actions (major) #1952

renovate bot commented Jul 22, 2024 •

edited

Loading

renovate bot commented Aug 1, 2024

chore(deps): update github actions (major) #1952

chore(deps): update github actions (major) #1952

Conversation

renovate bot commented Jul 22, 2024 • edited Loading

Release Notes

v3.0.0

Migration guide

Configuration

renovate bot commented Aug 1, 2024

Edited/Blocked Notification

renovate bot commented Jul 22, 2024 •

edited

Loading