PSA: Old versions of actions/setup-dotnet will break soon

[PathogenDavid]

TL;DR: If you maintain a community package using GitHub Actions that specifies uses: actions/[email protected] or anything else more specific than @v4, your workflow will break soon. Change it to uses: actions/setup-dotnet@v4 to avoid breakage.

---

Microsoft announced last week that due to the bankruptcy of their CDN partner, the download links for some .NET binaries and installers will cease working Q1 this year. This affects older versions of actions/setup-dotnet.

The best practice for GitHub Actions workflows is to specify only the major version of your dependencies (IE: uses: actions/setup-dotnet@v4) unless you have a specific reason not to. This allows you to receive bug fixes and minor updates from action maintainers without any effort on your part.

Unfortunately due to some copy+pasting of workflows within the Bonsai community, many of our workflows (particularly around publishing documentation) specify uses: actions/[email protected], which is overly specific.

If any of your workflows use specific versions, it's strongly recommended that you drop everything other than the major version number. (This applies for all actions, not just setup-dotnet.)

[PathogenDavid]

Those in charge of organizations may find it helpful to use this GitHub search query to quickly identify instances of this mistake across all of your repositories. (Replace org:bonsai-rx with your organization or owner:yourusername to search your personal repositories.)

If you want to audit your workflows for overly-specific version pinning in general, use this regex instead: /uses:\s+[A-Za-z0-9\-]+\/[A-Za-z0-9\-_\.]+@([^v]|v\d\.)/

[PathogenDavid]

FYI, Microsoft will start randomly disabling the old domains starting on February 3rd (about a week from now) in order to weed out people affected by this. Announcement here