Skip to content

[renovate] Update jdx/mise-action action to v4#725

Merged
david-cho-lerat-sonarsource merged 1 commit into
mainfrom
renovate/major-4-github-actions-dependencies
Jul 3, 2026
Merged

[renovate] Update jdx/mise-action action to v4#725
david-cho-lerat-sonarsource merged 1 commit into
mainfrom
renovate/major-4-github-actions-dependencies

Conversation

@renovate

@renovate renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
jdx/mise-action action major v3.6.1v4.2.0

Release Notes

jdx/mise-action (jdx/mise-action)

v4.2.0: : Bootstrap mode & wget fallback

Compare Source

This release adds an opt-in bootstrap mode for projects that use mise bootstrap, and makes the action work on runner images that ship wget but not curl.

Added

Bootstrap mode (#​522) by @​jdx

Three new inputs let the action drive mise bootstrap instead of mise install:

- uses: jdx/mise-action@v4
  with:
    bootstrap: true
    bootstrap_skip: "tools,task"   # comma-separated parts to skip
    bootstrap_args: "--yes"        # extra args forwarded to mise bootstrap
  • When bootstrap: true, the action runs mise bootstrap under the existing install gate and sets MISE_EXPERIMENTAL=1 automatically.
  • If a repo mise lock file is present, it runs mise --locked bootstrap, matching the auto-lock behavior introduced for mise install in v4.1.0.
  • install_args cannot be combined with bootstrap: true — the action fails fast and tells you to use bootstrap_skip / bootstrap_args instead, because full bootstrap doesn't support partial tool install args.
  • A new {{bootstrap_hash}} template variable is included in the default cache key (and available in custom cache_key templates) so bootstrap and non-bootstrap configurations don't share caches.

bootstrap_skip relies on mise bootstrap --skip from jdx/mise#10497, so make sure you're on a recent mise version if you use it.

Fixed

  • Fall back to wget when curl is unavailable (#​521) by @​risu729 — The action used to hard-code curl for fetching the mise binary, tar/zip archives, and the latest VERSION lookup, which broke on minimal runner images that only ship wget. It now prefers curl and transparently falls back to wget, preserving the streaming download | tar fast path for .tar.gz and .tar.zst installs on Linux/macOS. Proxy support is unchanged — both tools honor HTTP_PROXY/HTTPS_PROXY. Addresses jdx/mise#10488.

Documentation

Full Changelog: jdx/mise-action@v4.1.0...v4.2.0

v4.1.0: : automatic --locked installs

Compare Source

This release adds automatic locked installs when a mise.lock is present, and fixes a long-standing cache-key collision that could poison tool installs when workflows migrate between runner providers.

Added
Automatic --locked install when mise.lock exists (#​495) by @​zeitlinger

When a repo contains mise.lock, the action now automatically passes --locked to mise install (on mise versions that support it). This removes the need to manually set install_args: --locked and prevents mise install from silently mutating the lockfile in CI. Explicit install_args and older mise versions are still respected.

Note: workflows with a stale lockfile may now fail earlier and more explicitly instead of silently updating mise.lock mid-run — this surfaces lockfile drift rather than hiding it.

Fixed
  • Cache key collisions across runner providers (#​456) — the default cache key now includes the runner image (e.g. macos15, ubuntu24 for GitHub-hosted runners; self-hosted otherwise). Previously, repos migrating between providers like github-hosted, namespace.so, BuildJet, and self-hosted runners with the same OS/arch could restore a peer provider's ~/.local/share/mise/installs/*, causing failures like does not have an executable named '…' or SIGILL crashes from binaries built against a different glibc/CPU featureset. Expect a one-time cache miss after upgrading; thereafter the cache stays scoped per image.
  • mise-shim.exe missing on Windows (#​476) by @​risu729 — the action now installs mise-shim.exe alongside mise.exe and repairs restored caches that lack the shim. Fixes #​475.
Changed
  • Migrated the bundled action build from ncc (CommonJS) to Rollup (ESM) (#​436). No user-facing behavior change.

Full Changelog: jdx/mise-action@v4.0.1...v4.1.0

v4.0.1: : Documentation and Internal Cleanup

Compare Source

A small maintenance release that updates the README documentation to reflect v4 and cleans up internal code. There are no functional changes to the action itself.

Changed
  • Updated all README examples to reference jdx/mise-action@v4, actions/checkout@v6, and current tool versions by @​deining in #​407 and #​408
  • Extracted getCwd() helper to deduplicate working directory resolution logic (internal refactor, no behavior change) by @​altendky in #​403
New Contributors

Full Changelog: jdx/mise-action@v4.0.0...v4.0.1

v4.0.0: : Node.js 24 Runtime

Compare Source

A major version bump that updates the action's runtime from Node.js 20 to Node.js 24. GitHub has deprecated Node.js 20 for Actions and will force Node.js 24 as the default starting June 2, 2026. This release proactively adopts the new runtime to eliminate deprecation warnings and ensure continued compatibility.

Breaking Changes
  • The action now runs on the Node.js 24 runtime instead of Node.js 20. If your workflow pins jdx/mise-action@v3, you will continue to see deprecation warnings. Update to jdx/mise-action@v4 to resolve them:

    - uses: jdx/mise-action@v4

    This should be a seamless upgrade for the vast majority of users — no configuration changes are needed beyond updating the version reference.

Changed
New Contributors

Full Changelog: jdx/mise-action@v3...v4.0.0

v4

Compare Source

v3.6.3

Compare Source

What's Changed
New Contributors

Full Changelog: jdx/mise-action@v3.6.2...v3.6.3

v3.6.2

Compare Source

What's Changed
New Contributors

Full Changelog: jdx/mise-action@v3.6.1...v3.6.2


Configuration

📅 Schedule: (in timezone CET)

  • Branch creation
    • Between 12:00 AM and 02:59 AM (* 0-2 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

  • If the PR is green: it means that the dependencies have been update successfully; double check the changelog and merge! When merging don't forget to squash the commit and add prefix the commit message witht the JIRA tickets that has been automatically created.
  • If the PR is red: something went wrong; double check the changelog and then either:
    • Fix the issues if the breaking changes are quick to fix or you have the time for it: make sure to add a new commit and not to modify the one from the Renovate
    • If the required changes are too big: create a JIRA ticket and assign it to the FEE squad, finally update the rennovate.json file to ignore the dependency and document the reason why it has been ignored, the Renovate PR can be closed.

To know more about the whole process, check our WebApp dependencies management xtranet page.

@netlify

netlify Bot commented Jul 3, 2026

Copy link
Copy Markdown

Deploy Preview for echoes-react ready!

Name Link
🔨 Latest commit 681c22d
🔍 Latest deploy log https://app.netlify.com/projects/echoes-react/deploys/6a47d33bf278c7000848b85a
😎 Deploy Preview https://deploy-preview-725--echoes-react.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

@hashicorp-vault-sonar-prod

hashicorp-vault-sonar-prod Bot commented Jul 3, 2026

Copy link
Copy Markdown

Renovate Jira issue ID: ECHOES-1415

@sonarqube-next

sonarqube-next Bot commented Jul 3, 2026

Copy link
Copy Markdown

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@david-cho-lerat-sonarsource david-cho-lerat-sonarsource merged commit 0e28f71 into main Jul 3, 2026
13 checks passed
@david-cho-lerat-sonarsource david-cho-lerat-sonarsource deleted the renovate/major-4-github-actions-dependencies branch July 3, 2026 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant