diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index fc7a4da4..4481b2ef 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -22,7 +22,7 @@ jobs: build-and-deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v7 - uses: actions/setup-node@v4 with: diff --git a/.github/workflows/e2e-install.yml b/.github/workflows/e2e-install.yml index b491709b..b706db5a 100644 --- a/.github/workflows/e2e-install.yml +++ b/.github/workflows/e2e-install.yml @@ -64,7 +64,7 @@ jobs: steps: - name: Checkout PR head if: ${{ github.event_name == 'pull_request' }} - uses: actions/checkout@v4 + uses: actions/checkout@v7 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -72,7 +72,7 @@ jobs: - name: Checkout repository if: ${{ github.event_name != 'pull_request' }} - uses: actions/checkout@v4 + uses: actions/checkout@v7 with: # We need the target branch reachable from the working tree so the # updater can `git fetch origin `. Fetch tags too since the diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index eb13989d..53ccd182 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v7 - uses: oven-sh/setup-bun@v2 with: diff --git a/.github/workflows/issue-triage.yml b/.github/workflows/issue-triage.yml index c7a2a48c..f7a4dfdb 100644 --- a/.github/workflows/issue-triage.yml +++ b/.github/workflows/issue-triage.yml @@ -29,7 +29,7 @@ jobs: - name: Checkout # SHA-pinned: this workflow runs on every opened issue with # issues:write and a paid API secret in scope. - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # The script auths to GitHub via GH_TOKEN only — no need to persist # GITHUB_TOKEN into the runner's git config. diff --git a/.github/workflows/pr-review.yml b/.github/workflows/pr-review.yml index f916ec45..e863ac47 100644 --- a/.github/workflows/pr-review.yml +++ b/.github/workflows/pr-review.yml @@ -37,7 +37,7 @@ jobs: HAS_APP: ${{ secrets.CLAWREVIEW_APP_ID }} steps: - name: Checkout (base repo only — never the PR head) - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/pr-tests-coverage.yml b/.github/workflows/pr-tests-coverage.yml index 17f7aa37..696ef583 100644 --- a/.github/workflows/pr-tests-coverage.yml +++ b/.github/workflows/pr-tests-coverage.yml @@ -18,7 +18,7 @@ jobs: functions: ${{ steps.coverage.outputs.functions }} lines: ${{ steps.coverage.outputs.lines }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v7 - uses: oven-sh/setup-bun@v2 with: