
chore(deps)!: Update GitHub Actions to v7 #95

Merged
williaby merged 1 commit into main from renovate/major-github-actions
Jun 20, 2026
Conversation

@williaby

Collaborator

Summary

Why

Scheduled patch update, bug fixes and security patches with no API changes.

Changes

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| actions/checkout | action | major | v6.0.3 → v7 | OpenSSF Scorecard |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Impact

  • ✅ Patch update: bug fixes and security patches only
  • ✅ No breaking changes

Acceptance Criteria

  • All CI checks pass

Testing

  • CI gates pass (tests, lint, type checking, security scan)

Notes


Release Notes

actions/checkout (actions/checkout)

v7

Compare Source

v7.0.0

Compare Source


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "after 10pm every weekday,before 5am every weekday,every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Copilot AI review requested due to automatic review settings June 20, 2026 20:06
@coderabbitai

coderabbitai Bot commented Jun 20, 2026


Warning

Review limit reached

@williaby, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 37 minutes and 15 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 170ea71e-7d1e-4569-8afa-120fd40ef0a6

📥 Commits

Reviewing files that changed from the base of the PR and between 4f823f6 and f465d2f.

📒 Files selected for processing (21)
  • .github/workflows/ci.yml
  • .github/workflows/codeql.yml
  • .github/workflows/cruft-update.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/reuse.yml
  • .github/workflows/scheduled-validation.yml
  • .github/workflows/test-template.yml
  • .github/workflows/validate-template.yml
  • {{cookiecutter.project_slug}}/.github/workflows/ci.yml
  • {{cookiecutter.project_slug}}/.github/workflows/cifuzzy.yml
  • {{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml
  • {{cookiecutter.project_slug}}/.github/workflows/docs.yml
  • {{cookiecutter.project_slug}}/.github/workflows/fips-compatibility.yml
  • {{cookiecutter.project_slug}}/.github/workflows/pr-validation.yml
  • {{cookiecutter.project_slug}}/.github/workflows/python-compatibility.yml
  • {{cookiecutter.project_slug}}/.github/workflows/release.yml
  • {{cookiecutter.project_slug}}/.github/workflows/reuse.yml
  • {{cookiecutter.project_slug}}/.github/workflows/scorecard.yml
  • {{cookiecutter.project_slug}}/.github/workflows/security-analysis.yml
  • {{cookiecutter.project_slug}}/.github/workflows/slsa-provenance.yml
  • {{cookiecutter.project_slug}}/.github/workflows/validate-cruft.yml

Copilot AI left a comment


Pull request overview

Updates the cookiecutter template’s and this repository’s GitHub Actions workflows to use actions/checkout v7 (still pinned by commit SHA), keeping the template’s CI/security automation aligned with upstream fixes and security updates.

Changes:

  • Bump actions/checkout from v6.0.3 to v7 (SHA pin update) across repo workflows.
  • Apply the same actions/checkout v7 pin to generated-project workflows under {{cookiecutter.project_slug}}/.
  • Keep existing hardening/permissions patterns intact while refreshing the checkout dependency.

Reviewed changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| {{cookiecutter.project_slug}}/.github/workflows/validate-cruft.yml | Update actions/checkout pin to v7 for cruft validation. |
| {{cookiecutter.project_slug}}/.github/workflows/slsa-provenance.yml | Update actions/checkout pin to v7 for provenance build step. |
| {{cookiecutter.project_slug}}/.github/workflows/security-analysis.yml | Update actions/checkout pin to v7 for security analysis workflow. |
| {{cookiecutter.project_slug}}/.github/workflows/scorecard.yml | Update actions/checkout pin to v7 for Scorecard job checkout. |
| {{cookiecutter.project_slug}}/.github/workflows/reuse.yml | Update actions/checkout pin to v7 for REUSE checks. |
| {{cookiecutter.project_slug}}/.github/workflows/release.yml | Update actions/checkout pin to v7 across release jobs. |
| {{cookiecutter.project_slug}}/.github/workflows/python-compatibility.yml | Update actions/checkout pin to v7 for compatibility checks. |
| {{cookiecutter.project_slug}}/.github/workflows/pr-validation.yml | Update actions/checkout pin to v7 across PR validation jobs. |
| {{cookiecutter.project_slug}}/.github/workflows/fips-compatibility.yml | Update actions/checkout pin to v7 across FIPS jobs. |
| {{cookiecutter.project_slug}}/.github/workflows/docs.yml | Update actions/checkout pin to v7 for docs workflow. |
| {{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml | Update actions/checkout pin to v7 for dependency review. |
| {{cookiecutter.project_slug}}/.github/workflows/cifuzzy.yml | Update actions/checkout pin to v7 for fuzz CI workflow. |
| {{cookiecutter.project_slug}}/.github/workflows/ci.yml | Update actions/checkout pin to v7 across template CI jobs. |
| .github/workflows/validate-template.yml | Update actions/checkout pin to v7 for template validation workflow. |
| .github/workflows/test-template.yml | Update actions/checkout pin to v7 across template test matrix jobs. |
| .github/workflows/scheduled-validation.yml | Update actions/checkout pin to v7 for scheduled validations. |
| .github/workflows/reuse.yml | Update actions/checkout pin to v7 for repo REUSE checks. |
| .github/workflows/dependency-review.yml | Update actions/checkout pin to v7 for repo dependency review. |
| .github/workflows/cruft-update.yml | Update actions/checkout pin to v7 for cruft update automation. |
| .github/workflows/codeql.yml | Update actions/checkout pin to v7 for CodeQL scanning. |
| .github/workflows/ci.yml | Update actions/checkout pin to v7 across repo CI jobs. |

egress-policy: audit

- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
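Review bot: the trailing comment on the new pin reads `# v7`, a major tag that upstream can move, whereas the line it replaces recorded the exact release (`# v6.0.3`). The release notes in the description list v7.0.0, so confirm that 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 resolves to that tag in actions/checkout and write the comment as `# v7.0.0`, so that a later audit of the pin can map the SHA to a single release.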
Comment thread .github/workflows/ci.yml

- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
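Review bot: on the `Checkout code` step the pin moves across a major version (v6.0.3 to v7), but the PR description calls this a patch update with no breaking changes and the v7 release-notes section is empty. Read the upstream v7 changelog before merging, check that whatever inputs the checkout steps pass in these workflows are still accepted, and correct the Impact section so it matches the `!` in the title and the "major" update type in the table.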
williaby merged commit 7543036 into main on Jun 20, 2026
68 checks passed
williaby deleted the renovate/major-github-actions branch on June 20, 2026 22:26