Skip to content

chore(deps): update astral-sh/setup-uv action to v7.1.3 #232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update astral-sh/setup-uv action to v7.1.3 #232

wants to merge 1 commit into from
+10 −10

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 2, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
astral-sh/setup-uv action patch v7.1.1 -> v7.1.3

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

astral-sh/setup-uv (astral-sh/setup-uv)

v7.1.3

Compare Source

v7.1.2: 🌈 Speed up extraction on Windows

Compare Source

Changes

@​lazka fixed a bug that caused extracting uv to take up to 30s. Thank you!

🐛 Bug fixes

🧰 Maintenance

⬆️ Dependency updates

Configuration

📅 Schedule: Branch creation - "before 2am every weekday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added bot Automated pull requests or issues dependencies Pull requests that update a dependency file renovate Pull requests from Renovate skip:test:long_running Skip long-running tests (≥5min) labels Nov 2, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Nov 2, 2025
edited
Loading

Claude finished @renovate[bot]'s task —— View job

Review of PR #232: Update astral-sh/setup-uv to v7.1.2

Tasks:

  • Read repository documentation (CLAUDE.md, .github/CLAUDE.md)
  • Review all 9 changed workflow files
  • Verify version consistency
  • Check release notes for breaking changes
  • Validate workflow syntax
  • Provide comprehensive review feedback

✅ Summary: APPROVED - Safe to Merge

This is a clean, well-executed dependency update with no issues found. All critical checks pass.

Review Findings

✅ Strengths

  1. Perfect Consistency - All 10 references to astral-sh/setup-uv updated consistently:

    • Old: @2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 (v7.1.1)
    • New: @85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 (v7.1.2)
    • Comments properly updated: # v7.1.2

  2. Complete Coverage - All affected workflows updated:

    • _audit.yml
    • _build-native-only.yml
    • _claude-code.yml
    • _lint.yml
    • _package-publish.yml (2 occurrences)
    • _scheduled-audit.yml
    • _scheduled-test-daily.yml
    • _scheduled-test-hourly.yml
    • _test.yml

  3. Proper Commit Convention - Follows conventional commits:

    chore(deps): update astral-sh/setup-uv action to v7.1.2

    ✅ Type: chore ✅ Scope: deps ✅ Clear description

  4. Non-Breaking Change - Release v7.1.2 contains only:

    • 🐛 Bug fix: Faster extraction on Windows (30s → instant via tar)
    • 🧰 Maintenance: Known checksums update for uv 0.9.5
    • ⬆️ Dependency bumps (internal to the action)

  5. Workflow Syntax Valid - All YAML remains syntactically correct:

    • Proper indentation preserved
    • Parameters unchanged (version-file, enable-cache, cache-dependency-glob)
    • Step order intact

🔍 Verification Performed

# Version consistency check
$ grep -r "setup-uv@" .github/workflows/*.yml | wc -l
10  # All 10 references found

$ grep "v7.1.2" .github/workflows/*.yml | wc -l
10  # All updated to v7.1.2 ✅

# Commit convention check
$ git log origin/main..HEAD --oneline
e653800 chore(deps): update astral-sh/setup-uv action to v7.1.2 ✅

📋 CI/CD Impact Assessment

Affected Pipelines:

  • ✅ Main CI/CD (ci-cd.yml → all reusable workflows)
  • ✅ Scheduled tests (staging 6h, production 24h)
  • ✅ Scheduled audits (hourly)
  • ✅ Claude Code automation
  • ✅ Native builds (6 platforms)
  • ✅ Package publishing

Expected Behavior:

  • Faster CI runs on Windows runners (30s saved per workflow using Windows)
  • No functional changes to uv installation
  • Cache behavior unchanged
  • Python version detection unchanged

Risk Level: MINIMAL

  • Patch version bump (7.1.1 → 7.1.2)
  • Only bug fixes and maintenance
  • No API changes to action inputs/outputs
  • Pin-by-SHA prevents supply chain attacks

🎯 Recommendations

  1. Merge immediately - No blocking issues, safe patch update
  2. Monitor first CI run - Verify Windows jobs complete faster
  3. No rollback needed - Pin-by-SHA ensures reproducibility if issues arise

📚 Compliance with CLAUDE.md

  • ✅ Follows .github/CLAUDE.md workflow architecture guidance
  • ✅ Maintains reusable workflow pattern consistency
  • ✅ Preserves all security best practices (SHA pinning)
  • ✅ No medical device compliance impact (infrastructure-only change)

Conclusion: This PR exemplifies best practices for automated dependency updates. Renovate has done excellent work maintaining consistency across all workflow files. Recommended action: Merge.

@renovate renovate bot changed the title chore(deps): update astral-sh/setup-uv action to v7.1.2 chore(deps): update astral-sh/setup-uv action to v7.1.3 Nov 10, 2025
@renovate renovate bot force-pushed the renovate/astral-sh-setup-uv-7.x branch from e653800 to 54c3cb0 Compare November 10, 2025 23:51
@github-actions
Copy link
Contributor

github-actions bot commented Nov 10, 2025
edited
Loading

Claude finished @renovate[bot]'s task —— View job

Review of PR #232: Update astral-sh/setup-uv to v7.1.3

Tasks:

  • Read repository documentation (CLAUDE.md, .github/CLAUDE.md)
  • Review release notes for v7.1.3
  • Review all 9 changed workflow files
  • Verify version consistency and SHA pinning
  • Check for breaking changes
  • Validate workflow syntax
  • Provide comprehensive review feedback

✅ Summary: APPROVED - Safe to Merge

This is a clean, well-executed dependency update with no issues found. All critical checks pass.

Review Findings

✅ Strengths

1. Perfect Version Consistency

All 10 references to astral-sh/setup-uv updated consistently across 9 workflow files:

  • Old: @2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 (v7.1.1)
  • New: @5a7eac68fb9809dea845d802897dc5c723910fa3 (v7.1.3)
  • Comments: Properly updated: # v7.1.3

✅ Verified: 10/10 references use correct SHA
✅ Verified: 0 old v7.1.1 references remain
✅ Verified: SHA matches official v7.1.3 release tag

2. Complete Coverage

All affected workflows updated:

  • _audit.yml (1 occurrence)
  • _build-native-only.yml (1 occurrence)
  • _claude-code.yml (1 occurrence)
  • _lint.yml (1 occurrence)
  • _package-publish.yml (2 occurrences - build + publish jobs)
  • _scheduled-audit.yml (1 occurrence)
  • _scheduled-test-daily.yml (1 occurrence)
  • _scheduled-test-hourly.yml (1 occurrence)
  • _test.yml (1 occurrence)

3. Proper Commit Convention

✅ Follows conventional commits format:

chore(deps): update astral-sh/setup-uv action to v7.1.3
  • Type: chore
  • Scope: deps
  • Clear description ✅

4. Non-Breaking Changes

Release v7.1.3 contains only:

🐛 Bug Fix: Restored compatibility with act (local GitHub Actions testing)

  • Downgraded undici dependency to older version
  • Changed TypeScript target to ES2022
  • Added automated act compatibility testing

🧰 Maintenance:

  • Known checksums updated for uv 0.9.6, 0.9.7, 0.9.8
  • Documentation clarification for cache-dependency-glob parameter

No breaking changes - purely bug fixes and maintenance.

5. Workflow Syntax Valid

All YAML remains syntactically correct:

  • ✅ Proper indentation preserved
  • ✅ Parameters unchanged (version-file, enable-cache, cache-dependency-glob)
  • ✅ Step order intact
  • ✅ No workflow logic changes

🔍 Verification Performed

# Version consistency check
$ grep -r "setup-uv@" .github/workflows/*.yml | wc -l
10  # All 10 references found ✅

$ grep "v7.1.3" .github/workflows/*.yml | wc -l
10  # All updated to v7.1.3 ✅

$ grep "5a7eac68fb9809dea845d802897dc5c723910fa3" .github/workflows/*.yml | wc -l
10  # All use correct SHA ✅

$ grep "2ddd2b9cb38ad8efd50337e8ab201519a34c9f24" .github/workflows/*.yml | wc -l
0   # No old v7.1.1 references remain ✅

# Commit convention check
$ git log main..HEAD --oneline
54c3cb0 chore(deps): update astral-sh/setup-uv action to v7.1.3 ✅

📋 CI/CD Impact Assessment

Affected Pipelines:

  • ✅ Main CI/CD (ci-cd.yml → all reusable workflows)
  • ✅ Scheduled tests (staging 6h, production 24h)
  • ✅ Scheduled audits (hourly)
  • ✅ Claude Code automation
  • ✅ Native builds (6 platforms)
  • ✅ Package publishing

Expected Behavior:

  • Restored act compatibility for developers testing workflows locally
  • Improved cache-dependency-glob parameter documentation
  • Support for newer uv versions (0.9.6, 0.9.7, 0.9.8)
  • No functional changes to uv installation behavior
  • Cache behavior unchanged
  • Python version detection unchanged

Risk Level: MINIMAL

  • Patch version bump (7.1.1 → 7.1.3)
  • Only bug fixes and maintenance
  • No API changes to action inputs/outputs
  • Pin-by-SHA prevents supply chain attacks

🎯 Recommendations

  1. ✅ Merge immediately - No blocking issues, safe patch update
  2. Monitor first CI run - Verify no unexpected issues (very unlikely)
  3. Optional: Test with act if developers use it locally
  4. No rollback needed - Pin-by-SHA ensures reproducibility if issues arise

📚 Compliance with CLAUDE.md

  • ✅ Follows .github/CLAUDE.md workflow architecture guidance
  • ✅ Maintains reusable workflow pattern consistency
  • ✅ Preserves all security best practices (SHA pinning + version comment)
  • ✅ No impact on medical device compliance (infrastructure-only change)
  • ✅ All 19 workflows remain properly orchestrated

🏆 What Changed Since Previous Review (v7.1.2 → v7.1.3)

The previous review approved v7.1.2 which included:

  • 🐛 Windows extraction speed fix (30s → instant via tar)
  • 🧰 Checksums for uv 0.9.5

This update (v7.1.3) adds:

  • 🐛 act compatibility restoration (main change)
  • 🧰 Checksums for uv 0.9.6, 0.9.7, 0.9.8
  • 📝 Documentation improvements

Both updates are low-risk patch releases with no breaking changes.

Conclusion

This PR exemplifies best practices for automated dependency updates. Renovate has done excellent work maintaining consistency across all workflow files with proper SHA pinning and version comments.

✅ APPROVED - Recommended action: Merge immediately

@codecov
Copy link

codecov bot commented Nov 11, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

❗ There is a different number of reports uploaded between BASE (3eddfe4) and HEAD (54c3cb0). Click for more details.

HEAD has 6 uploads less than BASE
Flag BASE (3eddfe4) HEAD (54c3cb0)
7 1

see 22 files with indirect coverage changes

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 11, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen Awaiting requested review from helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen is a code owner

Assignees

No one assigned

Labels

bot Automated pull requests or issues dependencies Pull requests that update a dependency file renovate Pull requests from Renovate skip:test:long_running Skip long-running tests (≥5min)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant