From 4c20afe8bc4539b44e6c2647ecf1cfdfc19103ce Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 21 Jun 2026 01:02:06 +0000 Subject: [PATCH] Update actions/checkout action to v7 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/assertion.yml | 2 +- .github/workflows/ci.yml | 24 ++++++++++----------- .github/workflows/codeql.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/release-branch.yml | 10 ++++----- .github/workflows/sbom.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/upload-release-assets.yml | 4 ++-- .github/workflows/vulncheck.yml | 2 +- 9 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/assertion.yml b/.github/workflows/assertion.yml index f36e9430e..4842c3aab 100644 --- a/.github/workflows/assertion.yml +++ b/.github/workflows/assertion.yml @@ -33,7 +33,7 @@ jobs: osarch: [amd64, arm64] steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 64ffa9b3d..5da0ba500 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,7 +30,7 @@ jobs: id-token: write # for OIDC authentication if: github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-tags: 'true' @@ -73,7 +73,7 @@ jobs: permissions: id-token: write # for OIDC authentication steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -118,7 +118,7 @@ jobs: permissions: id-token: write # for OIDC authentication steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-')&& !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -154,7 +154,7 @@ jobs: permissions: id-token: write # for OIDC authentication steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -185,7 +185,7 @@ jobs: permissions: id-token: write # for OIDC authentication steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-tags: 'true' - name: Get Secrets from Azure Key Vault @@ -244,7 +244,7 @@ jobs: - image: "alpine" version: "3.23" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -309,7 +309,7 @@ jobs: #- image: "oraclelinux" # version: "8" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -379,7 +379,7 @@ jobs: version: "mainline" release: "alpine" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -459,7 +459,7 @@ jobs: release: "debian" path: "/nginx-plus/agent" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -551,7 +551,7 @@ jobs: version: "mainline" release: "alpine" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -631,7 +631,7 @@ jobs: release: "debian" path: "/nginx-plus/agent" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync @@ -705,7 +705,7 @@ jobs: id-token: write # for OIDC authentication contents: write # Needed for pushing benchmark results to github branch steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Get Secrets from Azure Key Vault if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') && !startsWith(github.head_ref, 'renovate/') }} uses: ./.github/actions/az-sync diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 700836f74..adbd8e6d8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,7 +32,7 @@ jobs: docs_only: ${{ github.event.pull_request && steps.docs.outputs.docs_only == 'true' }} steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d653db20d..c735ea750 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -22,7 +22,7 @@ jobs: pull-requests: write # for actions/dependency-review-action to post comments steps: - name: "Checkout Repository" - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: "Dependency Review" uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml index 5f875f145..115dba119 100644 --- a/.github/workflows/release-branch.yml +++ b/.github/workflows/release-branch.yml @@ -68,7 +68,7 @@ jobs: create_pull_request: ${{steps.vars.outputs.create_pull_request }} steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.releaseBranch }} @@ -91,7 +91,7 @@ jobs: release_id: ${{ steps.vars.outputs.RELEASE_ID }} steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 if: ${{ needs.vars.outputs.github_release == 'true' }} with: ref: ${{ inputs.releaseBranch }} @@ -187,7 +187,7 @@ jobs: contents: write # Needed to tag a release steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 if: ${{ needs.vars.outputs.tag_release == 'true' }} with: ref: ${{ inputs.releaseBranch }} @@ -208,7 +208,7 @@ jobs: id-token: write # Needed to get a token to upload packages to NGINX repo steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.releaseBranch }} @@ -304,7 +304,7 @@ jobs: pull-requests: write # Needed to create pull request back into main branch steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.releaseBranch }} diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 32e1b1930..65ebc014b 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -28,7 +28,7 @@ jobs: osarch: [amd64, arm64] steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Download nginx-agent binary artifacts if: ${{ inputs.runId != '' }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3b83c6ba5..c1ebf0b9c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml index 23dac9fcc..4d7d5fd89 100644 --- a/.github/workflows/upload-release-assets.yml +++ b/.github/workflows/upload-release-assets.yml @@ -36,7 +36,7 @@ jobs: upload_azure: ${{steps.vars.outputs.upload_azure }} steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.releaseBranch }} @@ -56,7 +56,7 @@ jobs: contents: write # Needed for uploading release assets to GitHub steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.releaseBranch }} diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml index ee3d50071..235dab8b1 100644 --- a/.github/workflows/vulncheck.yml +++ b/.github/workflows/vulncheck.yml @@ -27,7 +27,7 @@ jobs: GOPROXY: "https://proxy.golang.org,direct" steps: - name: Checkout Repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0