Skip to content

Replace actions/setup-go with actions/setup-python in smoke test#409

Merged
jeffwidman merged 1 commit into
mainfrom
swap-setup-go-for-setup-python
Apr 1, 2026
Merged

Replace actions/setup-go with actions/setup-python in smoke test#409
jeffwidman merged 1 commit into
mainfrom
swap-setup-go-for-setup-python

Conversation

@jeffwidman

@jeffwidman jeffwidman commented Mar 10, 2026

Copy link
Copy Markdown
Member

The smoke test fixture (.github/workflows/i-am-a-smoke-test.yml) previously used actions/setup-go, which is also used in real CI workflows (smoke.yml, cache-all.yml, etc.). This caused Dependabot to open PRs like #160 that conflicted with the smoke test's intentionally-pinned version.

At the time, we ignored them:

However, that's now a problem because the latest version of actions/setup-go has a caching update that would be nice to have:

So I've unignored that dependency:

However, this will try to update our test workflow, which we do not want.

So instead, let's:

  • Replaces actions/setup-go with actions/setup-python in the smoke test fixture, since actions/setup-python isn't used in any real workflow
  • Regenerates the smoke-actions test
  • Adds explicit ignore rules in dependabot.yml for all three test fixture actions (actions/setup-python, actions/setup-ruby, actions/setup-node) to prevent Dependabot from proposing updates to intentionally-pinned dependencies

@jeffwidman jeffwidman requested a review from a team as a code owner March 10, 2026 03:55
@jeffwidman jeffwidman force-pushed the swap-setup-go-for-setup-python branch from 7c68300 to 3378db5 Compare March 10, 2026 04:00
Comment thread .github/dependabot.yml
Comment on lines +9 to +13
ignore:
# These are intentionally pinned to old versions for the smoke test fixture: .github/workflows/i-am-a-smoke-test.yml
- dependency-name: "actions/setup-python"
- dependency-name: "actions/setup-ruby"
- dependency-name: "actions/setup-node"

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if I can actually do this... will the dependabot test command look for this dependabot.yml file and read these ignores and skip it?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like this doesn't break dependabot test, and it's certainly helpful to prevent PR's from showing up that would break our tests.

It also provides a clear documentation link within this file if someone is like "why are these not getting updated?"... it'll show them "oh, they're used int eh tests, so we tell Dependabot not to actually open PR's to bump them"

Comment thread tests/smoke-actions.yaml

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not too familiar with the format of the output so I'm a little confused to see the actions/setup-go still in here... perhaps that's not expected / desired and we'll need to regenerate this file after bumping the non-test-fixture references to actions/setup-go to the latest?

@jeffwidman jeffwidman force-pushed the swap-setup-go-for-setup-python branch from 3378db5 to 69b6b89 Compare April 1, 2026 16:52

@kbukum1 kbukum1 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jeffwidman jeffwidman merged commit eaa34d6 into main Apr 1, 2026
94 checks passed
@jeffwidman jeffwidman deleted the swap-setup-go-for-setup-python branch April 1, 2026 20:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants