Skip to content

CI: install MSRV toolchain via input instead of pinning the action tag#33

Merged
akesson merged 1 commit into
mainfrom
henrik/fix-msrv-toolchain-pin
Jun 9, 2026
Merged

CI: install MSRV toolchain via input instead of pinning the action tag#33
akesson merged 1 commit into
mainfrom
henrik/fix-msrv-toolchain-pin

Conversation

@akesson

@akesson akesson commented Jun 8, 2026

Copy link
Copy Markdown
Member

Problem

dtolnay/rust-toolchain uses its git ref as the Rust version to install, so the msrv job's @1.88.0 pin doubled as both the action version and the toolchain version. Dependabot only sees it as an action version and kept opening PRs to bump it to the latest tag (#32 bumped it to 1.100.0), which:

  1. Fails immediately — Rust 1.100.0 doesn't exist, so rustup 404s on download.
  2. Would be wrong even if it existed — the job's entire purpose is to verify the crate still builds on its declared MSRV (rust-version = "1.88"). Floating it to the newest toolchain silently defeats that check.

Fix

Pin the action to the @stable branch and pass the MSRV as the toolchain input:

- uses: dtolnay/rust-toolchain@stable
  with:
    toolchain: "1.88"

Dependabot's github-actions updater only rewrites the uses: ref, never with: inputs, so it leaves this alone — no ignore rule needed. The job still verifies the rust-version = "1.88" declared in Cargo.toml.

Supersedes and closes #32.

🤖 Generated with Claude Code

dtolnay/rust-toolchain treats its git ref as the Rust version to
install, so the msrv job's `@1.88.0` pin was both the action version and
the toolchain version. Dependabot only sees it as an action version and
kept opening PRs to bump it to the latest tag (e.g. 1.100.0), which fails
because that Rust release does not exist yet, and would defeat the job's
purpose even if it did.

Pin the action to the `@stable` branch and pass the MSRV as the
`toolchain` input. Dependabot's github-actions updater only rewrites the
`uses:` ref, never `with:` inputs, so it leaves this alone, while the job
still verifies the `rust-version = "1.88"` declared in Cargo.toml.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@akesson akesson merged commit 680d4c8 into main Jun 9, 2026
5 checks passed
@akesson akesson deleted the henrik/fix-msrv-toolchain-pin branch June 9, 2026 08:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant