Skip to content

chore: bump github actions to latest majors in ci#554

Merged
hami-robot[bot] merged 1 commit into
Project-HAMi:masterfrom
mesutoezdil:chore/bump-github-actions-versions
Jul 6, 2026
Merged

chore: bump github actions to latest majors in ci#554
hami-robot[bot] merged 1 commit into
Project-HAMi:masterfrom
mesutoezdil:chore/bump-github-actions-versions

Conversation

@mesutoezdil

@mesutoezdil mesutoezdil commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

checkout was pinned to v4, setup-node to v4, both several majors behind. Bumped to the latest major (checkout v7, setup-node v6). Checked setup-node v6 docs, explicit cache: npm input still works the same, only auto-detection changed for workflows that omit the cache input.

Summary by CodeRabbit

  • Chores
    • Updated the documentation health workflow to use newer versions of core GitHub Actions.
    • No user-facing behavior changed; build, lint, format, and link-check steps remain the same.

Signed-off-by: mesutoezdil <mesudozdil@gmail.com>
@netlify

netlify Bot commented Jul 5, 2026

Copy link
Copy Markdown

Deploy Preview for project-hami ready!

Name Link
🔨 Latest commit c78d591
🔍 Latest deploy log https://app.netlify.com/projects/project-hami/deploys/6a4a674edb17f4000841a84f
😎 Deploy Preview https://deploy-preview-554--project-hami.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

@hami-robot hami-robot Bot requested review from archlitchi and rootsongjc July 5, 2026 14:16
@hami-robot hami-robot Bot added the size/XS label Jul 5, 2026
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR updates the docs-health GitHub Actions workflow, bumping actions/checkout from v4 to v7 and actions/setup-node from v4 to v6, with no other changes to steps or logic.

Changes

Workflow Action Upgrades

Layer / File(s) Summary
Bump action versions
.github/workflows/docs-health.yml
Updated actions/checkout to v7 and actions/setup-node to v6; downstream install/lint/format/build/link-check steps unchanged.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Poem

A hop, a skip, a version bump,
Checkout and node get a jump!
v7, v6, all snug and neat,
My CI burrow feels complete. 🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the CI workflow update to newer major versions of GitHub Actions.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/docs-health.yml (1)

18-18: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Consider setting persist-credentials: false on checkout.

Static analysis flags that the checkout step doesn't disable credential persistence, leaving the GITHUB_TOKEN in local git config for the remainder of the job (artipacked). Since later steps run npm ci/build/linkinator against third-party npm packages, disabling this reduces exfiltration risk if a compromised dependency runs during install/build.

🔒 Proposed fix
       - uses: actions/checkout@v7
+        with:
+          persist-credentials: false
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docs-health.yml at line 18, The checkout step in the
docs-health workflow currently leaves Git credentials persisted, which can
expose the GITHUB_TOKEN to later build steps. Update the actions/checkout
configuration to disable credential persistence by setting persist-credentials
to false on the checkout step, keeping the rest of the workflow unchanged.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/docs-health.yml:
- Line 18: The checkout step in the docs-health workflow currently leaves Git
credentials persisted, which can expose the GITHUB_TOKEN to later build steps.
Update the actions/checkout configuration to disable credential persistence by
setting persist-credentials to false on the checkout step, keeping the rest of
the workflow unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 50d49ca3-938e-4d9a-944c-2c634430d97b

📥 Commits

Reviewing files that changed from the base of the PR and between 0a55c4e and c78d591.

📒 Files selected for processing (1)
  • .github/workflows/docs-health.yml

@windsonsea windsonsea left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@hami-robot

hami-robot Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mesutoezdil, windsonsea

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@hami-robot hami-robot Bot added the approved label Jul 6, 2026
@hami-robot hami-robot Bot merged commit 50fb1a1 into Project-HAMi:master Jul 6, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants