build(deps): Bump actions/checkout from 3 to 4 #2257
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
There was a problem hiding this comment.
The Linux build of Arduino IDE is dynamically linked against the glibc shared library. This results in it having a dependency on the version of the library that happens to be present in the environment it is built in. The container the Linux build runs in is intentionally configured to have an older version of glibc (#2253). This provides compatibility with a reasonable range of older distro versions that might be present on the Linux machines of Arduino IDE users (newer versions of glibc are compatible with executables linked against an older version but the reverse is not true).
Unfortunately version 4.x of the actions/checkout GitHub Actions action used by the build job has a dependency on a higher version of glibc than is provided by the Linux container. That dependency mismatch is the case of the error that occurs at the action's step in the job after the bump proposed by this PR:
https://github.com/arduino/arduino-ide/actions/runs/6500322388/job/17655503700?pr=2257#step:4:1
Run actions/checkout@v4
/usr/bin/docker exec e664496daf8282f381bb449ea729006804f386f336833df2aa88e887ffd6b3ef sh -c "cat /etc/*release | grep ^ID"
/__e/node20/bin/node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /__e/node20/bin/node)
This is the reason the workflow was intentionally configured to use actions/checkout@v3 for the Linux build job. So it is necessary to decline this bump.
Dependabot will remember this decision and only submit another PR for bumping actions/checkout at such time the action has another major version bump (i.e., v5 -> v6). At that time, we should accept the bump in all workflow steps other than this specific step, which must remain at actions/checkout@v3 unless we eventually abandon support for the older distro versions and update the container so that a newer version of glibc is available.
|
@dependabot ignore this major version |
|
OK, I won't notify you about version 4.x.x again, unless you re-open this PR. |
dependabot
bot
deleted the
dependabot/github_actions/actions/checkout-4
branch
per1234
added
type: enhancement
Bumps actions/checkout from 3 to 4.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
8ade135Prepare 4.1.0 release (#1496)c533a0aAdd support for partial checkout filters (#1396)72f2cecUpdate README.md for V4 (#1452)3df4ab1Release 4.0.0 (#1447)8b5e8b7Support fetching without the --progress option (#1067)97a652bUpdate default runtime to node20 (#1436)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)