Skip to content

build(deps): bump astral-sh/setup-uv from 7.3.0 to 7.6.0 in /.github/actions/setup-build-environment#4775

Merged
pietern merged 1 commit intomainfrom
dependabot/github_actions/dot-github/actions/setup-build-environment/astral-sh/setup-uv-7.6.0
Mar 19, 2026
Merged

build(deps): bump astral-sh/setup-uv from 7.3.0 to 7.6.0 in /.github/actions/setup-build-environment#4775
pietern merged 1 commit intomainfrom
dependabot/github_actions/dot-github/actions/setup-build-environment/astral-sh/setup-uv-7.6.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026

Bumps astral-sh/setup-uv from 7.3.0 to 7.6.0.

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

We now default to download uv from releases.astral.sh. This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

🧰 Maintenance

⬆️ Dependency updates

v7.5.0 🌈 Use astral-sh/versions as version provider

No more rate-limits

This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv.

Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly.

The manifest-file input was an earlier attempt to improve this. It allows providing an url to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest. However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases.

This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint:

https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson

By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts.

[!TIP] The next section is only interesting for users of the manifest-file input

The manifest-file input lets you override that source with your own URL, for example to test custom uv builds or alternate download locations.

The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:

{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}

... (truncated)

Commits
  • 37802ad Fetch uv from Astral's mirror by default (#809)
  • 9f00d18 chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#808)
  • fd8f376 Switch to ESM for source and test, use CommonJS for dist (#806)
  • f9070de Bump deps (#805)
  • cadb67b chore: update known checksums for 0.10.10 (#804)
  • e06108d Use astral-sh/versions as primary version provider (#802)
  • 0f6ec07 docs: replace copilot instructions with AGENTS.md (#794)
  • 821e5c9 docs: add cross-client dependabot rollup skill (#793)
  • 6ee6290 chore(deps): bump versions (#792)
  • 9f332a1 Add riscv64 architecture support to platform detection (#791)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added Dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 18, 2026
@dependabot dependabot bot added Dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 18, 2026
@pietern pietern temporarily deployed to test-trigger-is March 19, 2026 08:57 — with GitHub Actions Inactive
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 19, 2026

Suggested reviewers

Based on git history of the changed files, these people are best suited to review:

  • @pietern -- recent work in .github/workflows/, .github/actions/setup-build-environment/
  • @denik -- recent work in .github/workflows/

Confidence: low

Eligible reviewers

Based on CODEOWNERS, these people or teams could also review:

@andrewnester, @anton-107, @shreyas-goenka, @simonfaltum

Suggestions based on git history of 2 changed files (2 scored). See CODEOWNERS for path-specific ownership rules.

@pietern pietern force-pushed the dependabot/github_actions/dot-github/actions/setup-build-environment/astral-sh/setup-uv-7.6.0 branch from bb3160e to fd337f0 Compare March 19, 2026 08:58
@eng-dev-ecosystem-bot
Copy link
Copy Markdown
Collaborator

eng-dev-ecosystem-bot commented Mar 19, 2026
edited
Loading

Commit: 998a5d6

Run: 23297492894

Env 🟨​KNOWN 🔄​flaky 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
🟨​ aws linux 7 1 9 268 797 6:48
🟨​ aws windows 7 1 9 270 795 6:52
💚​ aws-ucws linux 8 9 365 712 6:58
🔄​ aws-ucws windows 2 7 9 366 710 7:34
💚​ azure linux 2 11 271 795 6:42
💚​ azure windows 2 11 273 793 5:23
🔄​ azure-ucws linux 2 1 11 369 708 8:32
🔄​ azure-ucws windows 2 1 11 371 706 5:55
💚​ gcp linux 2 11 267 798 5:47
💚​ gcp windows 2 11 269 796 6:09
18 interesting tests: 9 SKIP, 7 KNOWN, 2 flaky
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🟨​ TestAccept 🟨​K 🟨​K 💚​R 🔄​f 💚​R 💚​R 💚​R 🔄​f 💚​R 💚​R
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestAccept/ssh/connect-serverless-gpu 🙈​s 🙈​s ✅​p 🔄​f 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s
🔄​ TestAccept/ssh/connection 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 🔄​f 💚​R 💚​R 💚​R
Top 20 slowest tests (at least 2 minutes):
duration env testname
4:11 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:56 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:33 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:25 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:24 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:23 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:17 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:15 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:11 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:10 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:00 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:59 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:49 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:45 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:45 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:14 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:10 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:10 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:08 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:07 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct

@pietern pietern force-pushed the dependabot/github_actions/dot-github/actions/setup-build-environment/astral-sh/setup-uv-7.6.0 branch 2 times, most recently from 0a41be8 to b08abde Compare March 19, 2026 09:51
@pietern pietern temporarily deployed to test-trigger-is March 19, 2026 09:52 — with GitHub Actions Inactive
@pietern pietern force-pushed the dependabot/github_actions/dot-github/actions/setup-build-environment/astral-sh/setup-uv-7.6.0 branch from b08abde to 5e63042 Compare March 19, 2026 09:56
@pietern pietern mentioned this pull request Mar 19, 2026
Merged
1 task
github-merge-queue bot pushed a commit that referenced this pull request Mar 19, 2026
@pietern
Skip integration trigger for dependabot PRs (#4792)
1560aae 
## Summary
- Skip the `integration-trigger` job for dependabot PRs since dependabot
has no access to secrets
- Add a new `integration-trigger-dependabot` job that creates the
required "Integration Tests" check using the built-in `GITHUB_TOKEN`

## Test plan
- [x] Verified on PR #4775. All checks pass with integration tests
correctly skipped.

This pull request was AI-assisted by Isaac.
@pietern
Copy link
Copy Markdown
Contributor

pietern commented Mar 19, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 19, 2026

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@dependabot @pietern
build(deps): bump astral-sh/setup-uv
998a5d6 
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.3.0 to 7.6.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@eac588a...37802ad)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@pietern pietern force-pushed the dependabot/github_actions/dot-github/actions/setup-build-environment/astral-sh/setup-uv-7.6.0 branch from 5e63042 to 998a5d6 Compare March 19, 2026 13:33
@pietern pietern temporarily deployed to test-trigger-is March 19, 2026 13:34 — with GitHub Actions Inactive
pietern
pietern approved these changes Mar 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@pietern pietern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patch bump for setup-uv in the composite action.

@pietern pietern added this pull request to the merge queue Mar 19, 2026
Merged via the queue into main with commit 570adfa Mar 19, 2026
19 checks passed
@pietern pietern deleted the dependabot/github_actions/dot-github/actions/setup-build-environment/astral-sh/setup-uv-7.6.0 branch March 19, 2026 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pietern pietern pietern approved these changes

@andrewnester andrewnester Awaiting requested review from andrewnester andrewnester is a code owner

@anton-107 anton-107 Awaiting requested review from anton-107 anton-107 is a code owner

@denik denik Awaiting requested review from denik denik is a code owner

@shreyas-goenka shreyas-goenka Awaiting requested review from shreyas-goenka shreyas-goenka is a code owner

@simonfaltum simonfaltum Awaiting requested review from simonfaltum simonfaltum is a code owner

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eng-dev-ecosystem-bot @pietern