funkemunky/actions
1
0
Fork 0
mirror of https://github.com/gradle/actions.git synced 2026-06-11 22:20:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update @actions/cache and @actions/artifact, stop ignoring them in Dependabot (#978)

Browse Source 
## What

- Bumps `@actions/cache` 6.0.0 → 6.0.1
- Bumps `@actions/artifact` 6.1.0 → 6.2.1
- Removes the Dependabot `ignore` rules for both so they're maintained
automatically going forward

## Why

Both deps were excluded from Dependabot's automatic updates:
`*actions/cache*` was fully ignored, and `*actions/artifact*` had
major/minor bumps ignored. Neither restriction is necessary.

The `cache` ignore existed out of concern for keeping versions aligned
with the vendored `gradle-actions-caching` library. That alignment isn't
required:

- The vendored bundle (`sources/vendor/gradle-actions-caching/index.js`)
**inlines** its own (patched) `@actions/cache` and exposes a type-clean
API (`restore`/`save`) that never leaks `@actions/cache` types across
the boundary.
- This repo's own direct `@actions/cache` usage is a **separate,
unpatched copy** consumed via the stock string-returning API
(`cache-service-basic.ts`, `provision.ts`), with no
`patch-package`/`postinstall` in this repo.

So there's no cross-repo sync requirement — these can be updated like
any other dependency.

## Verification

- `npm install --package-lock-only` regenerated the lockfile (resolves
cache 6.0.1, artifact 6.2.1)
- `./build` passes clean

The root `dist/` directory is intentionally left for the CI workflow to
update.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Daz DeBoer
2026-06-09 18:10:02 -06:00
committed by GitHub
parent 79f6b196a7
commit 9d6bacde37
3 changed files with 23 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/dependabot.yml
-6
View File
@@ -15,12 +15,6 @@ updates:
npm-dependencies:
patterns:
- "*"
ignore:
# Keep actions/cache and actions/artifact major aligned and force actions/cache version to match patch
- dependency-name: "*actions/cache*"
- dependency-name: "*actions/artifact*"
update-types: ["version-update:semver-major", "version-update:semver-minor"]
- package-ecosystem: "github-actions"
# github-actions with directory: "/" only monitors .github/workflows
# https://github.com/dependabot/dependabot-core/issues/6345