chore: Cherry-picked changes from upstream#92
chore: Cherry-picked changes from upstream#92github-actions[bot] wants to merge 16 commits intomainfrom
Conversation
|
🚀 PR Updated! The PR has been updated with the latest cherry-picked commits. @step-security/maintained-actions-dev Please review and approve the changes. ❌ Build script failed. No files were committed. 📦 Target Release Version: ❗ Missing Files:
🛑 Workflow Files (Cannot be auto-applied by GitHub Actions):
❌ Conflicting Files:
|
chore: update known checksums for 0.10.10
This PR tries fetching the uv artifact from `releases.astral.sh` by default, only in cases where the artifact would otherwise have come from `https://github.com/astral-sh/uv/releases/download/`. The checksums are supposed to be the same for the mirror, and can still come from `raw.githubusercontent.com/astral-sh/versions`. If the download fails, we fall back to the original URL. This avoids hitting GitHub's Releases API which is prone to rate limiting. As far as I can tell, together with astral-sh/setup-uv#802 this PR makes a github token entirely unnecessary for this action. Towards astral-sh/uv#18503.
This PR tries fetching the uv artifact from `releases.astral.sh` by default, only in cases where the artifact would otherwise have come from `https://github.com/astral-sh/uv/releases/download/`. The checksums are supposed to be the same for the mirror, and can still come from `raw.githubusercontent.com/astral-sh/versions`. If the download fails, we fall back to the original URL. This avoids hitting GitHub's Releases API which is prone to rate limiting. As far as I can tell, together with astral-sh/setup-uv#802 this PR makes a github token entirely unnecessary for this action. Towards astral-sh/uv#18503.
This PR tries fetching the uv artifact from `releases.astral.sh` by default, only in cases where the artifact would otherwise have come from `https://github.com/astral-sh/uv/releases/download/`. The checksums are supposed to be the same for the mirror, and can still come from `raw.githubusercontent.com/astral-sh/versions`. If the download fails, we fall back to the original URL. This avoids hitting GitHub's Releases API which is prone to rate limiting. As far as I can tell, together with astral-sh/setup-uv#802 this PR makes a github token entirely unnecessary for this action. Towards astral-sh/uv#18503.
471f7e7 to
b9f3cc0
Compare
|
Claude finished @github-actions[bot]'s task —— View job I'll provide a comprehensive review of this cherry-picked PR. Review Checklist
|
🔍 Cherry-Pick Verification Report📦 Upstream Changes: 📋 File-by-File Analysis:
|
🔍 Cherry-Pick Verification Report📦 Upstream Changes: 📋 File-by-File Analysis:
|
🔍 Cherry-Pick Verification Report📦 Upstream Changes: 📋 File-by-File Analysis:
|
1 similar comment
🔍 Cherry-Pick Verification Report📦 Upstream Changes: 📋 File-by-File Analysis:
|

Cherry-picked changes from upstream.