Sourced from quantecon/actions's releases.

v0.8.0

Fixed

• restore-jupyter-cache: Read-only restore no longer uses a fake -00000000 primary key that could never match; it now uses the content/env prefix directly, so the logged "Requested Key" is honest (behaviour unchanged — restore still falls through to prefix matching). (#34, H4)
• CI: Container test workflows (test-container.yml, test-containers-lectures.yml) now check out the commit that built the image (workflow_run.head_sha, falling back to github.sha) instead of the default branch, so tests run against the matching commit. (#37, M11/M12)
• build-jupyter-cache: Internal sibling action calls are pinned from @main to @v0, so a pinned build-jupyter-cache no longer transitively executes unreleased main code. (Relative ./ paths can't be used — in a composite action they resolve against the consumer's workspace, not this repo.) (#38, H8)
• publish-gh-pages: Release tarball is written to $RUNNER_TEMP (outside build-dir) so the archive can't recurse into itself (#38, M15); create-release-assets now skips off-tag and fails fast when github-token is missing, instead of erroring mid-upload (#38, M16).
• build-lectures: The build command no longer uses eval; it invokes jb build directly with the source/output directories passed via env and quoted, so paths with spaces/metacharacters are handled safely. The output-dir default changed from ./ to . (drops the .//_build double-slash). extra-args is still word-split (documented in the step). (#36, M10/L17/L22)
• setup-environment: Fixed standard-mode (non-container) Conda caching — the env was restored from cache and then recreated unconditionally by setup-miniconda, so the cache saved nothing. It now restores the cached env (${CONDA}/envs, keyed by env name + Python version + environment.yml hash) and runs conda env update --prune only when there's no exact cache hit (a miss or a restore-keys partial match); dropped the deprecated use-only-tar-bz2. The environment.yml is validated up front, missing LaTeX requirements now error instead of silently skipping (broken env later), and the cache-version input documents that it is standard-mode only (no effect in container mode). (#33, C3/L19/L23)

Changed

• restore-jupyter-cache: Documented the optional save-cache input (PR-scoped saving) and clarified the path constraint (must match where build-lectures reads, _build) across the README and docs/QUICK-REFERENCE.md; the docs no longer claim the action is strictly read-only. (#34, H5/L21)
• Docs: Documented that the build-cache key is intentionally environment-only (warm-start baseline; freshness handled by jupyter-cache + Sphinx incremental + the weekly cold rebuild) in the cache action READMEs and docs/ARCHITECTURE.md. (#34, H6)
• build-jupyter-cache: The _build artifact is now uploaded only when a build fails (for debugging), instead of duplicating the cached _build into a 30-day artifact on every successful run. (#38, M14)
• Containers: Pinned Miniconda in the full quantecon image to a specific version + SHA256 (matching the lean quantecon-build image) for supply-chain security and reproducibility, and added apt-get clean for image-size parity. (#32, C2/L20)
• Containers: Capped nodejs at the current LTS (>=20,<25, i.e. ≤ node 24) in both container environments, and added a matching Dependabot ignore (node ≥ 25), excluding the non-LTS node 25 line that Dependabot's <26 proposal would have allowed.
• preview-netlify / preview-cloudflare: De-duplicated the change-detection logic into a shared scripts/detect-changed-lectures.sh, and made it treat lectures-dir as a literal path instead of a regex (a dir name with ./+ etc. no longer misbehaves). The per-file "has changes" test now uses git diff --quiet rather than parsing diff text, fixing a pre-existing edge case where a

... (truncated)

Sourced from quantecon/actions's changelog.

[0.8.0] - 2026-06-16

Fixed

• restore-jupyter-cache: Read-only restore no longer uses a fake -00000000 primary key that could never match; it now uses the content/env prefix directly, so the logged "Requested Key" is honest (behaviour unchanged — restore still falls through to prefix matching). (#34, H4)
• CI: Container test workflows (test-container.yml, test-containers-lectures.yml) now check out the commit that built the image (workflow_run.head_sha, falling back to github.sha) instead of the default branch, so tests run against the matching commit. (#37, M11/M12)
• build-jupyter-cache: Internal sibling action calls are pinned from @main to @v0, so a pinned build-jupyter-cache no longer transitively executes unreleased main code. (Relative ./ paths can't be used — in a composite action they resolve against the consumer's workspace, not this repo.) (#38, H8)
• publish-gh-pages: Release tarball is written to $RUNNER_TEMP (outside build-dir) so the archive can't recurse into itself (#38, M15); create-release-assets now skips off-tag and fails fast when github-token is missing, instead of erroring mid-upload (#38, M16).
• build-lectures: The build command no longer uses eval; it invokes jb build directly with the source/output directories passed via env and quoted, so paths with spaces/metacharacters are handled safely. The output-dir default changed from ./ to . (drops the .//_build double-slash). extra-args is still word-split (documented in the step). (#36, M10/L17/L22)
• setup-environment: Fixed standard-mode (non-container) Conda caching — the env was restored from cache and then recreated unconditionally by setup-miniconda, so the cache saved nothing. It now restores the cached env (${CONDA}/envs, keyed by env name + Python version + environment.yml hash) and runs conda env update --prune only when there's no exact cache hit (a miss or a restore-keys partial match); dropped the deprecated use-only-tar-bz2. The environment.yml is validated up front, missing LaTeX requirements now error instead of silently skipping (broken env later), and the cache-version input documents that it is standard-mode only (no effect in container mode). (#33, C3/L19/L23)

Changed

• restore-jupyter-cache: Documented the optional save-cache input (PR-scoped saving) and clarified the path constraint (must match where build-lectures reads, _build) across the README and docs/QUICK-REFERENCE.md; the docs no longer claim the action is strictly read-only. (#34, H5/L21)
• Docs: Documented that the build-cache key is intentionally environment-only (warm-start baseline; freshness handled by jupyter-cache + Sphinx incremental + the weekly cold rebuild) in the cache action READMEs and docs/ARCHITECTURE.md. (#34, H6)
• build-jupyter-cache: The _build artifact is now uploaded only when a build fails (for debugging), instead of duplicating the cached _build into a 30-day artifact on every successful run. (#38, M14)
• Containers: Pinned Miniconda in the full quantecon image to a specific version + SHA256 (matching the lean quantecon-build image) for supply-chain security and reproducibility, and added apt-get clean for image-size parity. (#32, C2/L20)
• Containers: Capped nodejs at the current LTS (>=20,<25, i.e. ≤ node 24) in both container environments, and added a matching Dependabot ignore (node ≥ 25), excluding the non-LTS node 25 line that Dependabot's <26 proposal would have allowed.
• preview-netlify / preview-cloudflare: De-duplicated the change-detection logic into a shared scripts/detect-changed-lectures.sh, and made it treat lectures-dir as a literal path instead of a regex (a dir name with ./+ etc. no longer misbehaves). The per-file "has changes" test now uses git diff --quiet rather than parsing diff text, fixing a pre-existing edge case where a

... (truncated)

• fcb6116 Release v0.8.0 (#82)
• 1f0ddf6 Cap nodejs at the current LTS (node 24) (#81)
• 8345e62 ci: bump the github-actions-major group across 8 directories with 13 updates ...
• 230ea20 SHA-pin third-party GitHub Actions (#39) (#79)
• 2997df3 setup-environment: fix standard-mode conda caching + validation (#33) (#78)
• dce58f8 dependabot: add a per-ecosystem 'majors' group to kill cross-dir duplicates (...
• e9a9c88 deps: bump the conda group across 2 directories with 3 updates (#68)
• 75fe11f Dependabot: group minor/patch per ecosystem; review majors individually (#67)
• 340028e Docs: sweep stale references and inconsistencies (#40) (#66)
• d8ec6ca build-lectures: drop eval, quote path inputs (#36) (#48)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)