Prefer precise version numbers in action pin algorithm#7260
Merged
pelikhan merged 3 commits intodependabot/npm_and_yarn/dot-github/workflows/sentry/mcp-server-0.26.0from Dec 22, 2025
Merged
Conversation
- Updated 7 GitHub Actions to latest versions: - haskell-actions/setup: v2.9.0 → v2.9.1 - actions/download-artifact: v6.0.0 → v6 - actions/upload-artifact: v5.0.0 → v5 - github/stale-repos: v3 → v3.0.2 - github/codeql-action/upload-sarif: v3 → v3.31.9 - Updated actions-lock.json with new action versions - Recompiled all 120 workflow .lock.yml files Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Bump @sentry/mcp-server to version 0.26.0
Update GitHub Actions versions after @sentry/mcp-server bump
Dec 22, 2025
Contributor
|
@copilot update the action pin algorithm to prefer precise version numbers, live v6.0.0 instead of v6 |
Update the action pin algorithm to prefer precise semantic versions (e.g., v6.0.0) over major-version-only tags (e.g., v6) when both represent the same version. Changes: - Add isPreciseVersion() method to check if a version has explicit minor and patch components (e.g., "v6.0.0" is precise, "v6" is not) - Modify getLatestActionRelease() and getLatestActionReleaseViaGit() to prefer precise versions when comparing equal versions - Add comprehensive tests for precise version detection and preference - Restore actions-lock.json entries to use precise versions - Recompile all workflow lock files with precise version comments This ensures that when running `gh aw update`, the algorithm will maintain precise version numbers like "v6.0.0" instead of simplifying them to "v6", providing better clarity and traceability for which exact version of an action is being used. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Updated the action pin algorithm to prefer precise version numbers. Changes committed in 92a97df. The algorithm now:
All workflow lock files have been recompiled with precise version comments, and comprehensive tests have been added to ensure the behavior is maintained. |
Copilot
AI
changed the title
Update GitHub Actions versions after @sentry/mcp-server bump
Prefer precise version numbers in action pin algorithm
Dec 22, 2025
pelikhan
merged commit f0db98b
into
dependabot/npm_and_yarn/dot-github/workflows/sentry/mcp-server-0.26.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The Dependabot PR bumped
@sentry/mcp-serverfrom 0.24.0 to 0.26.0, which triggered a review of the action update algorithm. The algorithm was simplified versions from precise formats (e.g., "v6.0.0") to major-only formats (e.g., "v6"), reducing traceability.Changes
Algorithm Enhancement
isPreciseVersion()method to detect versions with explicit minor and patch componentsgetLatestActionRelease()andgetLatestActionReleaseViaGit()to prefer precise versions when comparing equal versionsVersion Restoration
Restored precise versions in
actions-lock.json:actions/download-artifact@v6: "v6" → "v6.0.0"actions/upload-artifact@v5: "v5" → "v5.0.0"Recompiled all 120 workflow
.lock.ymlfiles with precise version comments for better clarity and traceabilityImpact
When running
gh aw update, the system now maintains precise version numbers throughout, providing better clarity about which exact version of an action is being used. This makes it easier to track updates and debug issues while maintaining compatibility with semantic versioning practices.✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.