build(deps): bump actions/checkout from 4.3.1 to 6.0.2#2653
build(deps): bump actions/checkout from 4.3.1 to 6.0.2#2653dependabot[bot] wants to merge 1 commit into
Conversation
dependabot
Bot
added
dependencies
dependabot
Bot
added
dependencies
Up to standards ✅🟢 Issues
|
![codacy-production[bot]](https://avatars.githubusercontent.com/in/56611?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull Request Overview
This PR cannot be merged in its current state because it attempts to upgrade 'actions/checkout' to a non-existent version (v6.0.2). The current official major version for this action is v4. Referencing v6.0.2 will cause all CI/CD workflows to fail during the action resolution phase.
While the code is syntactically correct according to static analysis, it is functionally broken. Furthermore, the Intent analysis notes that any future move to a v6.x release (should one occur) would require GitHub Actions Runner v2.329.0 or higher due to changes in credential persistence. This must be verified for any self-hosted environments before a valid upgrade is performed.
About this PR
- The proposed upgrade introduces a change in credential storage ($RUNNER_TEMP) that requires GitHub Actions Runner v2.329.0 or higher. If this project utilizes self-hosted runners, please verify their versions are compatible before proceeding with a version bump.
Test suggestions
- Verify checkout step in 'Deleted files' workflow using v6.0.2
- Verify 'Report readability' workflow with fetch-depth: 0 using v6.0.2
- Verify scheduled jobs (broken links, tool checks, etc.) using v6.0.2
- Verify Vale workflow which uses GITHUB_TOKEN input with v6.0.2's new credential persistence
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify checkout step in 'Deleted files' workflow using v6.0.2
2. Verify 'Report readability' workflow with fetch-depth: 0 using v6.0.2
3. Verify scheduled jobs (broken links, tool checks, etc.) using v6.0.2
4. Verify Vale workflow which uses GITHUB_TOKEN input with v6.0.2's new credential persistence
TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
There was a problem hiding this comment.
🔴 HIGH RISK
The version v6.0.2 for actions/checkout does not exist. Please revert to a valid v4 reference.
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
There was a problem hiding this comment.
🔴 HIGH RISK
This workflow uses actions/checkout v6.0.2 across multiple jobs, but this version does not exist. The current major version is v4.
| steps: | ||
| - name: Checkout repo with history | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
There was a problem hiding this comment.
🔴 HIGH RISK
The version v6.0.2 for actions/checkout does not exist. Referencing a non-existent version will break this workflow.
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
There was a problem hiding this comment.
🔴 HIGH RISK
The actions/checkout action does not have a v6.0.2 release. The current official version is v4. Please use a valid version or commit SHA from the official actions/checkout repository.
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.3.1...de0fac2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/github_actions/actions/checkout-6.0.2
branch
from
32e4b20 to
b32169f
Compare
Bumps actions/checkout from 4.3.1 to 6.0.2.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
de0fac2Fix tag handling: preserve annotations and explicit fetch-tags (#2356)064fe7fAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...8e8c483Clarify v6 README (#2328)033fa0dAdd worktree support for persist-credentials includeIf (#2327)c2d88d3Update all references from v5 and v4 to v6 (#2314)1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)08c6903Prepare v5.0.0 release (#2238)