Bump senzing-factory/github-action-install-senzing-sdk from 3 to 4 in the senzing-factory group #133

Open
dependabot[bot] wants to merge 3 commits into main from dependabot/github_actions/senzing-factory-eeb70d1de3
dependabot bot commented on behalf of github Mar 13, 2026

Bumps the senzing-factory group with 1 update: senzing-factory/github-action-install-senzing-sdk.

Updates senzing-factory/github-action-install-senzing-sdk from 3 to 4

Release notes

Sourced from senzing-factory/github-action-install-senzing-sdk's releases.

4.0.0

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v3...4.0.0

3.0.6

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v3...3.0.6

3.0.5

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v3...3.0.5

3.0.4

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v3...3.0.4

3.0.3

What's Changed

Full Changelog: senzing-factory/github-action-install-senzing-sdk@v3...3.0.3

3.0.2

... (truncated)

Changelog

Sourced from senzing-factory/github-action-install-senzing-sdk's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, markdownlint, and this project adheres to Semantic Versioning.

[Unreleased]

[4.0.0] - 2026-03-12

Changed in 4.0.0

  • senzingsdk-version is now a required input
  • senzingsdk-repository-path now requires senzingsdk-version to be set (previously defaulted to major version 4)
  • Refactored install scripts to separate repository selection, version extraction, and artifact resolution into distinct phases

Added in 4.0.0

  • Semantic version support (X.Y.Z) for macOS and Windows — resolves the latest build for the given version from the S3 bucket
  • Error handling when no matching artifact is found in the S3 bucket

[1.0.0] - 2024-11-12

Added to 1.0.0

  • Install Senzing SDK on Linux, macOS, and Windows

Commits
  • 61156ab wondows requires inconsistencies (#41)
  • 24a0d08 treat the interpolated path as a literal string rather than trying to interpr...
  • ba6ca9b Add semver support for macOS/Windows and refactor install scripts (#39)
  • cba2972 fix dependabot config (#37)
  • 966e52f Update workflows for build-resources v4 (#36)
  • f6aa533 Bump senzing-factory/build-resources/.github/workflows/add-to-project.yaml (#35)
  • 2763f95 Bump senzing-factory/build-resources/.github/workflows/move-pr-to-done-depend...
  • 751e079 Bump senzing-factory/build-resources/.github/workflows/link-issues-to-pull-re...
  • 27d4f0b Bump senzing-factory/build-resources/.github/workflows/dependabot-approve-and...
  • b0d6f08 Bump senzing-factory/build-resources/.github/workflows/add-to-project-dependa...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the senzing-factory group with 1 update: [senzing-factory/github-action-install-senzing-sdk](https://github.com/senzing-factory/github-action-install-senzing-sdk).


Updates `senzing-factory/github-action-install-senzing-sdk` from 3 to 4
- [Release notes](https://github.com/senzing-factory/github-action-install-senzing-sdk/releases)
- [Changelog](https://github.com/senzing-factory/github-action-install-senzing-sdk/blob/main/CHANGELOG.md)
- [Commits](senzing-factory/github-action-install-senzing-sdk@v3...v4)

---
updated-dependencies:
- dependency-name: senzing-factory/github-action-install-senzing-sdk
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: senzing-factory
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot requested a review from a team as a code owner March 13, 2026 17:45
dependabot bot added the dependencies and github_actions labels Mar 13, 2026
@github-actions

🤖 Claude Code Review

PR Code Review

This PR bumps senzing-factory/github-action-install-senzing-sdk from @v3 to @v4 across 7 workflow files.


Code Quality

  • Style guide: Workflow files follow consistent YAML formatting.
  • No commented-out code: None present.
  • Meaningful variable names: No changes to variable names.
  • DRY principle: The change is applied consistently across all affected workflow files.
  • Defects: No bugs or logic errors introduced. The change is a straightforward version bump applied uniformly. No race conditions, security vulnerabilities, or edge cases introduced.
  • CLAUDE.md: No issues. The project config is appropriately general.

Testing

  • Unit/integration tests: Not applicable — this is a CI workflow-only change.
  • Edge cases: N/A.
  • Coverage: N/A.

Documentation

  • README: No update needed for a workflow action version bump.
  • API docs: N/A.
  • Inline comments: N/A.
  • CHANGELOG.md: Not included in diff — consider whether the project convention requires changelog entries for CI dependency bumps.
  • Markdown formatting: No markdown files changed.

Security

  • No hardcoded credentials: None present.
  • Input validation: N/A.
  • Error handling: N/A.
  • No sensitive data in logs: N/A.
  • No license files (.lic) checked in: None present.

Summary

This is a clean, minimal, and consistent version bump. All 7 workflow files are updated uniformly (v3 → v4). No issues found. The only minor consideration is whether a CHANGELOG entry is expected per project convention — if so, one should be added.

Automated code review analyzing defects and coding standards

@github-actions

Super-linter summary

| Language | Validation result |
| --- | --- |
| CHECKOV | Pass ✅ |
| GITHUB_ACTIONS | Pass ✅ |
| GITHUB_ACTIONS_ZIZMOR | Pass ✅ |
| GITLEAKS | Pass ✅ |
| GIT_MERGE_CONFLICT_MARKERS | Pass ✅ |
| JSCPD | Pass ✅ |
| PRE_COMMIT | Pass ✅ |
| SPELL_CODESPELL | Pass ✅ |
| TRIVY | Pass ✅ |
| YAML | Pass ✅ |
| YAML_PRETTIER | Pass ✅ |

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@github-actions

🤖 Claude Code Review

PR Code Review

This PR upgrades the senzing-factory/github-action-install-senzing-sdk action from @v3 to @v4 across 7 workflow files.


Code Quality

  • Style guide: Workflow files follow consistent formatting conventions.
  • No commented-out code: None present.
  • Meaningful variable names: N/A for this change.
  • DRY principle: The change is consistently applied across all relevant workflow files.
  • Defects: No logic errors. The change is a straightforward version bump applied uniformly across all 7 affected files:
    • .github/workflows/csharp-darwin-snippets.yaml
    • .github/workflows/csharp-linux-snippets.yaml
    • .github/workflows/csharp-windows-snippets.yaml
    • .github/workflows/dotnet-format.yaml
    • .github/workflows/java-darwin-snippets.yaml
    • .github/workflows/java-linux-snippets.yaml
    • .github/workflows/java-windows-snippets.yaml
  • CLAUDE.md: No issues. The project instructions are general and environment-agnostic.

Testing

  • Unit/integration tests: N/A — this is a CI workflow version bump, not application code.

Documentation

  • README: No update needed for a CI action version bump.
  • API docs: N/A.
  • Inline comments: N/A.
  • CHANGELOG.md: Not included in diff — worth confirming this bump is noted there if the project maintains one.
  • Markdown formatting: N/A for this diff.

Security

  • No hardcoded credentials: None present.
  • Input validation: N/A.
  • Error handling: N/A.
  • No sensitive data in logs: N/A.
  • No license files: None present.
  • ⚠️ Action version pinning: The action is referenced by a mutable tag (@v4) rather than a pinned commit SHA. If supply chain security is a concern, consider pinning to a specific commit hash (e.g., senzing-factory/github-action-install-senzing-sdk@<sha>). This is a minor concern but worth noting per CI/CD security best practices.

Summary

The PR is a clean, consistent version bump with no issues. The only minor note is the use of a mutable tag (@v4) rather than a pinned SHA — consider pinning if supply chain security is a priority.

Automated code review analyzing defects and coding standards
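
The pinning concern raised in the review comment above, as an added example (not part of this PR, the review output, or the senzing-factory project's code): a small audit that classifies every `uses:` reference in a workflow as local, pinned to a full commit SHA, or mutable. The sample workflow, the local action path and the 40-character SHA are constructed placeholders; only the action name and the `@v4` tag come from the page.

```python
import re

# Captures the value of a step- or job-level `uses:` key, without quotes or a
# trailing `# comment`. Commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample workflow; the local action path and the 40-character
# SHA are placeholders, not values from the PR.
SAMPLE = """\
jobs:
  build:
    runs-on: macos-latest
    steps:
      - uses: ./.github/actions/setup
      - name: Install Senzing SDK
        uses: senzing-factory/github-action-install-senzing-sdk@v4
      - name: Install Senzing SDK (pinned)
        uses: senzing-factory/github-action-install-senzing-sdk@0123456789abcdef0123456789abcdef01234567 # 4.0.0
"""


def classify(uses_value):
    """Return 'local', 'pinned' or 'mutable' for one `uses:` value."""
    if uses_value.startswith("./"):
        return "local"  # action in the same repository, versioned with it
    if uses_value.startswith("docker://"):
        # Only an image digest is immutable; a tag can be re-pushed.
        return "pinned" if "@sha256:" in uses_value else "mutable"
    _, sep, ref = uses_value.rpartition("@")
    if sep and FULL_SHA_RE.fullmatch(ref):
        return "pinned"
    return "mutable"  # tag, branch, abbreviated SHA, or no ref at all


def audit(workflow_text):
    """Return (line_number, uses_value, verdict) for every `uses:` line."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            findings.append((number, match.group(1), classify(match.group(1))))
    return findings


if __name__ == "__main__":
    for number, value, verdict in audit(SAMPLE):
        print(f"line {number}: {verdict:8} {value}")
```

Run over `.github/workflows/*.yaml` in CI, a non-empty set of `mutable` verdicts can fail the job so that tag-based references are caught at review time.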

@github-actions

Super-linter summary

| Language | Validation result |
| --- | --- |
| CHECKOV | Pass ✅ |
| GITHUB_ACTIONS | Pass ✅ |
| GITHUB_ACTIONS_ZIZMOR | Pass ✅ |
| GITLEAKS | Pass ✅ |
| GIT_MERGE_CONFLICT_MARKERS | Pass ✅ |
| JSCPD | Pass ✅ |
| PRE_COMMIT | Pass ✅ |
| SPELL_CODESPELL | Pass ✅ |
| TRIVY | Pass ✅ |
| YAML | Pass ✅ |
| YAML_PRETTIER | Pass ✅ |

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@github-actions

🤖 Claude Code Review

PR Code Review

Summary

This PR makes two types of changes:

  1. Bumps senzing-factory/github-action-install-senzing-sdk from v3 to v4 across 6 workflow files
  2. Fixes DYLD_LIBRARY_PATH to preserve existing path values (:${DYLD_LIBRARY_PATH} suffix) in macOS workflows

Code Quality

Style guide - Workflow files follow consistent YAML formatting conventions.

No commented-out code - None present.

Meaningful variable names - N/A, only minor env var changes.

DRY principle - The action version bump is consistently applied across all 6 affected workflow files.

Defects - The DYLD_LIBRARY_PATH fix is correct and important. Overwriting rather than appending to DYLD_LIBRARY_PATH can break other libraries already in the path. The fix in csharp-darwin-snippets.yaml and java-darwin-snippets.yaml correctly preserves the existing path. The Linux and Windows workflows don't set DYLD_LIBRARY_PATH (as expected, since it's macOS-specific).

CLAUDE.md - The project's CLAUDE.md already documents the correct macOS pattern (export DYLD_LIBRARY_PATH=$SENZING_PATH/er/lib:$SENZING_PATH/er/lib/macos:$DYLD_LIBRARY_PATH), and this PR aligns the CI workflows with that documented convention.


Testing

Unit/integration tests - Not applicable for CI workflow changes.


Documentation

README - No documentation changes needed for workflow-only updates.

CHANGELOG.md - No CHANGELOG.md update is included. If this project maintains a changelog, these fixes (SDK action bump to v4, DYLD_LIBRARY_PATH preservation fix) should be noted.

Inline comments - Not needed for these straightforward changes.


Security

No hardcoded credentials - None present.

No license files - No .lic files or AQAAAD-prefixed strings present.

No sensitive data - Clean.


Overall Assessment

This is a clean, focused PR. The DYLD_LIBRARY_PATH fix is a real bug fix that aligns CI behavior with the documented convention in CLAUDE.md. The action version bumps are consistent across all relevant workflows. The only minor gap is a missing CHANGELOG.md entry.

Automated code review analyzing defects and coding standards

@github-actions

Super-linter summary

| Language | Validation result |
| --- | --- |
| CHECKOV | Pass ✅ |
| GITHUB_ACTIONS | Pass ✅ |
| GITHUB_ACTIONS_ZIZMOR | Pass ✅ |
| GITLEAKS | Pass ✅ |
| GIT_MERGE_CONFLICT_MARKERS | Pass ✅ |
| JSCPD | Pass ✅ |
| PRE_COMMIT | Pass ✅ |
| SPELL_CODESPELL | Pass ✅ |
| TRIVY | Pass ✅ |
| YAML | Pass ✅ |
| YAML_PRETTIER | Pass ✅ |

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

kernelsam added the blocked label Mar 19, 2026