Skip to content

Commit 2eb6b03

Browse files
chore(deps): Bump the actions group with 6 updates (#166)
* chore(deps): Bump the actions group with 6 updates Bumps the actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `8` | `9` | | [crate-ci/typos](https://github.com/crate-ci/typos) | `1.30.0` | `1.46.3` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) Updates `codecov/codecov-action` from 4 to 6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `golangci/golangci-lint-action` from 8 to 9 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v8...v9) Updates `crate-ci/typos` from 1.30.0 to 1.46.3 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@v1.30.0...v1.46.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: crate-ci/typos dependency-version: 1.46.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> * ci: fall back to GITHUB_TOKEN when REPO_ACCESS_TOKEN unavailable actions/checkout@v6 (bumped in this PR) errors on empty token input, whereas v4 silently tolerated it. Dependabot PRs run without access to Actions secrets, so secrets.REPO_ACCESS_TOKEN resolves to empty string and every sibling-repo checkout fails with: ##[error]Input required and not supplied: token The InstaNode-dev/{proto,common,api,infra} sibling repos are all public, so GITHUB_TOKEN (scoped to the running repo, read-only on org public siblings) is a valid fallback. Regular PRs continue to use the PAT. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude (Manas) <claude@anthropic.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 78c98ae commit 2eb6b03

8 files changed

Lines changed: 27 additions & 27 deletions

File tree

.github/workflows/ci.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ jobs:
106106
uses: actions/checkout@v6
107107
with:
108108
repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }}
109-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
109+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
110110
path: _proto_ci
111111

112112
- name: Place ../proto for Go replace directive
@@ -116,7 +116,7 @@ jobs:
116116
uses: actions/checkout@v6
117117
with:
118118
repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }}
119-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
119+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
120120
path: _common_ci
121121

122122
- name: Place ../common for Go replace directive
@@ -191,7 +191,7 @@ jobs:
191191
uses: actions/checkout@v6
192192
with:
193193
repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }}
194-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
194+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
195195
path: _proto_ci
196196

197197
- run: mv _proto_ci ../proto
@@ -200,7 +200,7 @@ jobs:
200200
uses: actions/checkout@v6
201201
with:
202202
repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }}
203-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
203+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
204204
path: _common_ci
205205
- run: mv _common_ci ../common
206206

.github/workflows/coverage.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -93,28 +93,28 @@ jobs:
9393
# nosql package contributes to coverage too.
9494
TEST_MONGO_URI: mongodb://localhost:27017
9595
steps:
96-
- uses: actions/checkout@v4
96+
- uses: actions/checkout@v6
9797
with:
9898
path: api
9999
# Full history so diff-cover can resolve origin/<base_ref> for the
100100
# patch-coverage gate below (shallow clones lack the base commit).
101101
fetch-depth: 0
102102

103103
- name: Checkout proto sibling (for go.mod replace ../proto)
104-
uses: actions/checkout@v4
104+
uses: actions/checkout@v6
105105
with:
106106
repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }}
107-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
107+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
108108
path: proto
109109

110110
- name: Checkout common sibling (for go.mod replace ../common)
111-
uses: actions/checkout@v4
111+
uses: actions/checkout@v6
112112
with:
113113
repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }}
114-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
114+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
115115
path: common
116116

117-
- uses: actions/setup-go@v5
117+
- uses: actions/setup-go@v6
118118
with:
119119
go-version-file: api/go.mod
120120

@@ -145,7 +145,7 @@ jobs:
145145
continue-on-error: true
146146
run: go test ./... -short -count=1 -p 1 -coverprofile=coverage.out -covermode=atomic
147147

148-
- uses: codecov/codecov-action@v4
148+
- uses: codecov/codecov-action@v6
149149
with:
150150
files: api/coverage.out
151151
flags: api
@@ -159,7 +159,7 @@ jobs:
159159
# coverage" step above is continue-on-error, so it still produces
160160
# coverage.out even if a flaky test trips — the gate reads that file.
161161
# ------------------------------------------------------------------
162-
- uses: actions/setup-python@v5
162+
- uses: actions/setup-python@v6
163163
if: github.event_name == 'pull_request'
164164
with:
165165
python-version: '3.12'

.github/workflows/deploy.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -110,14 +110,14 @@ jobs:
110110
# is a fine-grained PAT with read access to
111111
# InstaNode-dev/{common,proto}. Set via
112112
# `gh secret set REPO_ACCESS_TOKEN --repo InstaNode-dev/<name>`.
113-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
113+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
114114
path: common
115115

116116
- name: Checkout proto sibling into ./proto
117117
uses: actions/checkout@v6
118118
with:
119119
repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }}
120-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
120+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
121121
path: proto
122122

123123
- name: Compute build metadata

.github/workflows/golangci-lint.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -18,26 +18,26 @@ jobs:
1818
runs-on: ubuntu-latest
1919
timeout-minutes: 10
2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@v6
2222
with:
2323
path: api
2424
# Sibling checkouts (proto/common) for repos with replace directives.
2525
# No-op for repos that do not need them.
26-
- uses: actions/checkout@v4
26+
- uses: actions/checkout@v6
2727
if: ${{ hashFiles('api/go.mod') != '' }}
2828
with:
2929
repository: InstaNode-dev/common
3030
path: common
3131
continue-on-error: true
32-
- uses: actions/checkout@v4
32+
- uses: actions/checkout@v6
3333
with:
3434
repository: InstaNode-dev/proto
3535
path: proto
3636
continue-on-error: true
37-
- uses: actions/setup-go@v5
37+
- uses: actions/setup-go@v6
3838
with:
3939
go-version-file: api/go.mod
40-
- uses: golangci/golangci-lint-action@v8
40+
- uses: golangci/golangci-lint-action@v9
4141
with:
4242
version: latest
4343
working-directory: api

.github/workflows/integration-backup.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ jobs:
5858
with:
5959
repository: ${{ github.repository_owner }}/infra
6060
path: infra
61-
token: ${{ secrets.REPO_ACCESS_TOKEN }}
61+
token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
6262
- name: Install kubectl
6363
uses: azure/setup-kubectl@v5
6464
- name: Set up Go

.github/workflows/lychee.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
runs-on: ubuntu-latest
1818
timeout-minutes: 5
1919
steps:
20-
- uses: actions/checkout@v4
20+
- uses: actions/checkout@v6
2121
- uses: lycheeverse/lychee-action@v2
2222
with:
2323
args: --no-progress --max-concurrency 4 --exclude-mail './**/*.md' './**/*.html'

.github/workflows/oasdiff.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,20 +18,20 @@ jobs:
1818
timeout-minutes: 10
1919
steps:
2020
- name: Checkout PR
21-
uses: actions/checkout@v4
21+
uses: actions/checkout@v6
2222
with:
2323
path: api
24-
- uses: actions/checkout@v4
24+
- uses: actions/checkout@v6
2525
with:
2626
repository: InstaNode-dev/common
2727
path: common
2828
continue-on-error: true
29-
- uses: actions/checkout@v4
29+
- uses: actions/checkout@v6
3030
with:
3131
repository: InstaNode-dev/proto
3232
path: proto
3333
continue-on-error: true
34-
- uses: actions/setup-go@v5
34+
- uses: actions/setup-go@v6
3535
with:
3636
go-version-file: api/go.mod
3737
- name: Build openapi.json from PR

.github/workflows/typos.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,6 @@ jobs:
1414
runs-on: ubuntu-latest
1515
timeout-minutes: 3
1616
steps:
17-
- uses: actions/checkout@v4
18-
- uses: crate-ci/typos@v1.30.0
17+
- uses: actions/checkout@v6
18+
- uses: crate-ci/typos@v1.46.3
1919
continue-on-error: true # warn-only — surface findings without blocking CI

0 commit comments

Comments
 (0)