Bump Vampire/setup-wsl from 6.0.0 to 7.0.0 by dependabot[bot] · Pull Request #2124 · gitpython-developers/GitPython
@EliahKagan It looks like this update is a breaking change to WSL, and I also don't know how much we want it.
TL;DR: This should be easy to fix and it's a good update to take once we slightly adjust our CI workflow to adapt to it, but I haven't rushed to do it since I think it makes sense to do it at the same time as some other changes.
The improvements to Vampire/setup-wsl since the version we're currently using actually include a fix for Vampire/setup-wsl#82, which I had reported, as it relates to #2107 and #2108 here. Alpine had started always giving a 403 error on download.
Even if we stick with Debian, I think we'll still want the upgrade, because if I understand correctly, in the version of the action we're currently on, Debian is affected by a different but related bug that kept it from getting current packages (Vampire/setup-wsl#76, Vampire/setup-wsl#85). In both cases, the underlying broad cause is that some distros can only be obtained reliably by methods that require they be specified with a version number, and lack a reliable and correct way to get them without specifying a version.
The CI failures here can be fixed by specifying the Debian version or, perhaps better, by no longer specifying the distro at all--since I think, from this point on and for a while, the default distro and version are likely to be reasonable for our purposes. Also, because Debian now has to be specified versioned, the action's default distro itself specifies it versioned, with the default version changing only when the action is upgraded. So the version of Debian we're using shouldn't drift at unexpected times. There's an intermediate version between what we're using and this version, where CI wouldn't fail, because the way we're specifying Debian is deprecated but not removed. But to get the main benefit, we'd have to stop specifying it that way anyway.
I've been meaning to make the changes described above, but I figured it would make sense to do it at the same time as dependabot.yml is edited to no longer allow beta ecosystems, as that's no longer required for pre-commit updates; and to add a 7-day cooldown for ecosystems that support it, which I think, of those we use here, is only github-actions. The cooldown period might also make it so this action wouldn't come in until a little later, which is another reason I haven't rushed to integrate this PR--we might end up taking the above-mentioned intermediate version first. When making these changes, it would also make sense to pin actions to full OIDs, which is a good thing in and of itself and also increases the benefit conferred by cooldown.
However, I have no objection to these things being done at different times or in a different order. (If you think some should not be done at all, please let me know, since I might otherwise proceed to do them.)