Skip to content

build(deps): Bump actions/setup-go from 4 to 5 #2302

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build(deps): Bump actions/setup-go from 4 to 5 #2302

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 7, 2023

Bumps actions/setup-go from 4 to 5.

Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

New Contributors

Full Changelog: actions/setup-go@v4...v5.0.0

v4.1.0

What's Changed

In scope of this release, slow installation on Windows was fixed by @​dsame in actions/setup-go#393 and OS version was added to primaryKey for Ubuntu runners to avoid conflicts (actions/setup-go#383)

This release also includes the following changes:

New Contributors

Full Changelog: actions/setup-go@v4...v4.1.0

v4.0.1

What's Changed

New Contributors

Full Changelog: actions/setup-go@v4...v4.0.1

Commits
  • 0c52d54 Update dependencies for node20 (#445)
  • bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
  • 3d65fa5 feat: bump to use actions/checkout@v4
  • 8a505c9 feat: bump to use node20 runtime
  • 883490d Merge pull request #417 from artemgavrilov/main
  • d45ebba Rephrase sentence
  • 317c661 Replace wildcards term with globs.
  • f90673a Merge pull request #1 from artemgavrilov/caching-docs-improvement
  • 8018234 Improve documentation regarding dependencies cachin
  • d085b4f Merge pull request #411 from galargh/fix/windows-hostedtoolcache
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): Bump actions/setup-go from 4 to 5
7f1c343 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the topic: infrastructure Related to project infrastructure label Dec 7, 2023
@per1234 per1234 added type: enhancement Proposed improvement os: linux Specific to Linux operating system labels Dec 8, 2023
per1234
per1234 reviewed Dec 8, 2023
View reviewed changes
Copy link
Contributor

@per1234 per1234 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Linux build of Arduino IDE is dynamically linked against the glibc shared library. This results in it having a dependency on the version of the library that happens to be present in the environment it is built in. The container the Linux build runs in is intentionally configured to have an older version of glibc (#2253). This provides compatibility with a reasonable range of older distro versions that might be present on the Linux machines of Arduino IDE users (newer versions of glibc are compatible with executables linked against an older version but the reverse is not true).

Unfortunately version 5.x of the actions/setup-go GitHub Actions action used by the build job has a dependency on a higher version of glibc than is provided by the Linux container. That dependency mismatch is the case of the error that occurs at the action's step in the job after the bump proposed by this PR:

https://github.com/arduino/arduino-ide/actions/runs/7133373110/job/19425968441#step:8:86

Run actions/setup-go@v5
/usr/bin/docker exec  12c414a867245060fb29c15f66d1ad8ab4c891ec82fb1179186d007776f616c8 sh -c "cat /etc/*release | grep ^ID"
/__e/node20/bin/node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /__e/node20/bin/node)

This is the reason the workflow was intentionally configured to use actions/setup-go@v4 for the Linux build job (#2301 / e7754b7). So it is necessary to decline this bump.

Dependabot will remember this decision and only submit another PR for bumping actions/setup-go at such time the action has another major version bump (i.e., v5 -> v6). At that time, we should accept the bump in all workflow steps other than this specific step, which must remain at actions/setup-go@v4 unless we eventually abandon support for the older distro versions and update the container so that a newer version of glibc is available.

@per1234
Copy link
Contributor

per1234 commented Dec 8, 2023
edited
Loading

@dependabot ignore this major version

@dependabot dependabot bot closed this Dec 8, 2023
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 8, 2023

OK, I won't notify you about version 5.x.x again, unless you re-open this PR.

@dependabot dependabot bot deleted the dependabot/github_actions/actions/setup-go-5 branch December 8, 2023 03:16
@arduino arduino deleted a comment from dependabot bot Dec 8, 2023
@per1234 per1234 added the conclusion: declined Will not be worked on label Dec 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@per1234 per1234 per1234 left review comments

Assignees

@per1234 per1234

Labels
conclusion: declined Will not be worked on os: linux Specific to Linux operating system topic: infrastructure Related to project infrastructure type: enhancement Proposed improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@per1234