chore(deps)!: Update GitHub Actions to v7#83

Open
williaby wants to merge 1 commit into main from renovate/major-github-actions

Conversation

@williaby williaby commented Jun 20, 2026

Summary

Why

Scheduled patch update, bug fixes and security patches with no API changes.

Changes

This PR contains the following updates:

Package           Type    Update  Change            OpenSSF
actions/checkout  action  major   v6.0.2 -> v7.0.0  OpenSSF Scorecard

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Impact

  • ✅ Patch update: bug fixes and security patches only
  • ✅ No breaking changes

Acceptance Criteria

  • All CI checks pass

Testing

  • CI gates pass (tests, lint, type checking, security scan)

Notes


Release Notes

actions/checkout (actions/checkout)

  • v7.0.0 (Compare Source)
  • v7 (Compare Source)
  • v6.0.3 (Compare Source)

Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "after 10pm every weekday,before 5am every weekday,every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Copilot AI review requested due to automatic review settings June 20, 2026 20:17
coderabbitai Bot commented Jun 20, 2026


Warning

Review limit reached

@williaby, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 37 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer to the docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 420c271c-9dfd-47a0-83e5-1a3d966b392c

📥 Commits

Reviewing files that changed from the base of the PR and between a06abe3 and 1349e78.

📒 Files selected for processing (9)
  • .github/workflows/ci.yml
  • .github/workflows/codeql.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/fips-compatibility.yml
  • .github/workflows/performance-regression.yml
  • .github/workflows/postman-api-tests.yml
  • .github/workflows/pr-validation.yml
  • .github/workflows/release-sign.yml
  • .github/workflows/reuse.yml

github-actions Bot commented Jun 20, 2026


⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package                   Version                                   Score
actions/actions/checkout  9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  🟢 6.9

Details

Check                Score   Reason
Code-Review          🟢 10   all changesets reviewed
Maintained           🟢 10   16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts     🟢 10   no binaries found in the repo
Dangerous-Workflow   🟢 10   no dangerous workflow patterns detected
CII-Best-Practices   ⚠️ 0    no effort to earn an OpenSSF best practices badge detected
Token-Permissions    ⚠️ 0    detected GitHub workflow tokens with excessive permissions
Fuzzing              ⚠️ 0    project is not fuzzed
License              🟢 10   license file detected
Packaging            ⚠️ -1   packaging workflow not detected
Pinned-Dependencies  🟢 3    dependency not pinned by hash detected -- score normalized to 3
Signed-Releases      ⚠️ -1   no releases found
Security-Policy      🟢 9    security policy file detected
Branch-Protection    🟢 5    branch protection is not maximal on development and all release branches
SAST                 🟢 10   SAST tool is run on all commits

Scanned Files

  • .github/workflows/performance-regression.yml
  • .github/workflows/reuse.yml

@github-actions


❌ Performance Regression Check

Status: REGRESSION DETECTED

Metric Baseline (main) PR Branch Change
p95_ms 2.48 2.79 +12.6%

Threshold: +/-10% allowed regression

⚠️ Action Required: Performance regression detected.

Additional Metrics

Metric                             Baseline    PR          Change
p50_ms                             1.90        1.87        📉 -1.3%
p95_ms                             2.48        2.79        📈 12.6%
p99_ms                             2.55        3.36        📈 31.6%
mean_ms                            1.44        1.51        📈 5.0%
min_ms                             0.06        0.06        ➡️ 0.0%
max_ms                             2.58        3.42        📈 32.6%
throughput_ops                     695.37      662.13      📉 -4.8%
total_iterations                   500.00      500.00      ➡️ 0.0%
avg_p95_all_benchmarks_ms          1.01        1.12        📈 11.1%
avg_throughput_all_benchmarks_ops  1051729.91  1074615.83  📈 2.2%

About Performance Regression Testing

This automated check compares p95_ms on this PR against the main branch baseline.

  • Regression Threshold: 10%
  • Warmup Iterations: 5
  • Benchmark Iterations: 50
  • Baseline Source: generated

To reproduce locally:

uv run --frozen python scripts/benchmark.py --iterations 1000

Copilot AI left a comment


Pull request overview

Updates the repository’s GitHub Actions workflows to use actions/checkout v7 (pinned to a new commit SHA) across CI/security/compliance pipelines.

Changes:

  • Bump actions/checkout from v6.0.2 to v7 in all workflows that perform a checkout.
  • Keep action pinning by commit SHA while updating the annotated version comments.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 14 comments.

Summary per file

File                                           Description
.github/workflows/reuse.yml                    Updates checkout action used by REUSE compliance jobs.
.github/workflows/release-sign.yml             Updates checkout action used before signing release artifacts.
.github/workflows/pr-validation.yml            Updates checkout action used by PR validation auxiliary jobs.
.github/workflows/postman-api-tests.yml        Updates checkout action used by API test workflow.
.github/workflows/performance-regression.yml   Updates checkout action used by performance regression workflow.
.github/workflows/fips-compatibility.yml       Updates checkout action used by FIPS compatibility jobs.
.github/workflows/dependency-review.yml        Updates checkout action used by dependency review job.
.github/workflows/codeql.yml                   Updates checkout action used by CodeQL analysis job.
.github/workflows/ci.yml                       Updates checkout action used by Playwright E2E job.

Comment thread .github/workflows/ci.yml Outdated
egress-policy: audit # TODO: switch to block after 2026-06-30 (compliance audit deferral)
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
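Review bot: the annotation on the new pin reads `# v7` where the line it replaces read `# v6.0.2`; since the ref itself is already a commit SHA, that comment is the only human-readable record of which release the SHA corresponds to, so it should name the exact release (`# v7.0.0`, the version Renovate's table lists) rather than the floating major tag. The same applies to every checkout hunk in this PR. Separately, the PR description calls this a "patch update" with "no breaking changes", while the title (`chore(deps)!`), the update table (`major`) and this hunk all show a v6.0.2 to v7 major bump; the description should say so before merge.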
Comment thread .github/workflows/ci.yml Outdated
egress-policy: audit # TODO: switch to block after 2026-06-30 (compliance audit deferral)
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
Comment thread .github/workflows/codeql.yml Outdated

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
Comment thread .github/workflows/dependency-review.yml Outdated

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
Comment thread .github/workflows/pr-validation.yml Outdated

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
Comment thread .github/workflows/pr-validation.yml Outdated

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
Comment thread .github/workflows/release-sign.yml Outdated

- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
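Review bot: this checkout feeds the release-signing job, so what gets signed is whatever this pin fetches. Keeping the full-SHA pin is the right call; before merging, confirm that 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 is the commit the v7.0.0 tag resolves to (the Dependency Review scorecard above reports this same SHA for actions/checkout), and record that exact release in the trailing comment instead of `# v7` so a later audit can match pin to release without re-resolving it.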
Comment thread .github/workflows/reuse.yml Outdated

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
Comment thread .github/workflows/reuse.yml Outdated

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
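The Copilot summary above notes that the bump keeps commit-SHA pinning and only changes the version comments. Below is a check a reviewer can run over workflow files to enforce exactly that property, added here as an example (it is not code from this repository, from Renovate or from Copilot): every `uses:` reference must be a full 40-hex SHA, and the trailing comment must name an exact release (`v6.0.2`) rather than a floating major (`v7`), which is what the hunks above carry. The sample workflow is constructed; the two actions/checkout SHAs are those shown in this PR and the actions/upload-artifact SHA is a made-up placeholder.

```python
"""Lint GitHub Actions workflow text for action references that are not
pinned to a full commit SHA, or whose pin lacks an exact-release annotation.

Added example: not code from this repository, Renovate or Copilot. The
sample workflow below is constructed; the actions/checkout SHAs are the
ones shown in the PR, the upload-artifact SHA is a made-up placeholder.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# `uses: owner/repo[/subpath]@ref` with an optional trailing `# comment`.
# Local actions (./path) and docker:// images carry no `@ref` in this form
# and are intentionally not matched.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*"
    r"(?P<action>[\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(?P<ref>[^\s#]+)"
    r"\s*(?:#\s*(?P<comment>.*))?$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # full Git object id, lowercase hex
VERSION_RE = re.compile(r"^v?\d+\.\d+\.\d+\b")  # exact release such as v7.0.0, not v7


@dataclass
class Finding:
    line_no: int
    action: str
    ref: str
    problem: str

    def __str__(self) -> str:
        return f"line {self.line_no}: {self.action}@{self.ref}: {self.problem}"


def check_workflow(text: str) -> list[Finding]:
    """Return one Finding per `uses:` line that fails the pinning policy."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m is None:
            continue
        action, ref = m.group("action"), m.group("ref")
        comment = (m.group("comment") or "").strip()
        if not SHA_RE.match(ref):
            # A tag or branch ref can be moved upstream after review.
            findings.append(Finding(line_no, action, ref,
                                    "not pinned to a full 40-hex commit SHA"))
        elif not comment:
            # Without the annotation nobody can tell which release the SHA is.
            findings.append(Finding(line_no, action, ref,
                                    "SHA pin has no version annotation comment"))
        elif not VERSION_RE.match(comment):
            findings.append(Finding(line_no, action, ref,
                                    f"annotation '{comment}' is not an exact x.y.z release"))
    return findings


# Constructed sample, not a file from the repository under review.
SAMPLE_WORKFLOW = """\
# Constructed sample workflow, not a file from the repository under review.
jobs:
  build:
    steps:
      - name: Checkout (pin from this PR, floating major in the comment)
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
      - name: Tag reference, no SHA
        uses: actions/setup-node@v4
      - name: SHA pin without annotation (placeholder SHA)
        uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567
      - name: SHA pin with exact release annotation (pin this PR replaces)
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for finding in check_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Run against the sample it reports three lines: the `# v7` annotation, the `@v4` tag reference and the unannotated SHA; the `# v6.0.2` line and the local action pass. Pointing it at a real `.github/workflows/` directory is a matter of reading each file into `check_workflow`.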
@williaby williaby force-pushed the renovate/major-github-actions branch from 4cbca7c to 1349e78 Compare June 29, 2026 18:15
@github-actions


🎉 Performance Regression Check

Status: PERFORMANCE IMPROVED

Metric Baseline (main) PR Branch Change
p95_ms 2.35 2.22 -5.5%

Threshold: +/-10% allowed regression

Great work!: Performance has improved.

Additional Metrics

Metric                             Baseline   PR         Change
p50_ms                             1.84       1.84       📉 -0.2%
p95_ms                             2.35       2.22       📉 -5.5%
p99_ms                             3.30       2.30       📉 -30.4%
mean_ms                            1.39       1.33       📉 -3.8%
min_ms                             0.05       0.05       ➡️ 0.0%
max_ms                             4.12       2.32       📉 -43.7%
throughput_ops                     721.85     750.98     📈 4.0%
total_iterations                   500.00     500.00     ➡️ 0.0%
avg_p95_all_benchmarks_ms          0.93       0.90       📉 -3.2%
avg_throughput_all_benchmarks_ops  993019.99  924588.85  📉 -6.9%

About Performance Regression Testing

This automated check compares p95_ms on this PR against the main branch baseline.

  • Regression Threshold: 10%
  • Warmup Iterations: 5
  • Benchmark Iterations: 50
  • Baseline Source: generated

To reproduce locally:

uv run --frozen python scripts/benchmark.py --iterations 1000

@sonarqubecloud


2 participants