Skip to content

chore: bump action pins, poetry 2.4.1, python-version default 3.13 (ADDON-89094)#524

Merged
mkolasinski-splunk merged 4 commits into
release/5.6.0from
chore/addon-89094-bump-dependencies
Jul 18, 2026
Merged

chore: bump action pins, poetry 2.4.1, python-version default 3.13 (ADDON-89094)#524
mkolasinski-splunk merged 4 commits into
release/5.6.0from
chore/addon-89094-bump-dependencies

Conversation

@mkolasinski-splunk

Copy link
Copy Markdown
Contributor

Summary

  • Bump GitHub Action pins: actions/checkout@v7, actions/upload-artifact@v7, actions/download-artifact@v8, actions/cache@v6.1.0, fsfe/reuse-action@v6.0.0, trufflesecurity/trufflehog@v3.95.9, splunk/appinspect-cli-action@v2.13.0; normalize matrix-action@v3.1@v3.2.
  • Bump POETRY_VERSION to 2.4.1 and POETRY_EXPORT_PLUGIN_VERSION to 1.10.0 (latest on PyPI as of this bump).
  • Bump the python-version input default from 3.9 to 3.13, since poetry 2.4.1 requires Python >=3.10. README updated to match.

Validation

Two-tier validation against splunk/test-addonfactory-repo, branched off the PR that repoints test-repo main at @release/5.6.0 (splunk/test-addonfactory-repo#378) to inherit GH_TOKEN_ADMIN and the release-pinned reusable workflow.

  • Control run (python-version 3.9, all other bumps applied): all jobs green, including quality-appinspect-cloudhttps://github.com/splunk/test-addonfactory-repo/actions/runs/29605639162
  • Validation run (python-version 3.13): https://github.com/splunk/test-addonfactory-repo/actions/runs/29637138898
    • run-unit-tests: PASS — confirms the poetry/Python version fix (poetry 2.4.1 requires >=3.10; the prior default of 3.9 broke pip install poetry==2.4.1).
    • quality-appinspect-cloud: fails on check_all_python_files_are_well_formed, flagging vendored third-party files (lib/pkg_resources/_vendor/...) in the test-repo's fixture TA. This is expected: with PYTHON_VERSION=3.13 appinspect now validates against the 3.13 interpreter, and the fixture TA's vendored libs aren't 3.13-clean. The workflow is behaving correctly (validating against the interpreter the TA will actually run on); this is a property of the fixture TA, not a workflow defect. Real consumer TAs address this via .appinspect.expect.yaml.
    • run-ui-tests (10.4.1, ...): fails on a Selenium TimeoutException: Could not log in to the Splunk instance after retries — an infra flake unrelated to this change.
    • Validate PR title: fails on both this run and the control run — pre-existing, unrelated (semantic-PR check on the throwaway validation PR's title).

Test plan

  • Control run confirms all other bumps validated clean
  • Validation run confirms run-unit-tests green under python-version 3.13
  • appinspect-cloud failure root-caused to fixture-TA vendored libs, not a workflow defect
  • UI test failure confirmed to be Splunk-login-timeout infra flake, unrelated

@mkolasinski-splunk
mkolasinski-splunk requested a review from a team as a code owner July 18, 2026 11:48
@mkolasinski-splunk

Copy link
Copy Markdown
Contributor Author

Validated against test-addonfactory-repo:

@mkolasinski-splunk
mkolasinski-splunk merged commit 1d9c6f0 into release/5.6.0 Jul 18, 2026
2 checks passed
@mkolasinski-splunk
mkolasinski-splunk deleted the chore/addon-89094-bump-dependencies branch July 18, 2026 11:52
@github-actions github-actions Bot locked and limited conversation to collaborators Jul 18, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant