Skip to content

chore(deps): bump devantler-tech/actions/upload-coverage from 7.1.3 to 9.0.0#355

Merged
botantler-1[bot] merged 1 commit into
mainfrom
dependabot/github_actions/devantler-tech/actions/upload-coverage-9.0.0
Jul 3, 2026
Merged

chore(deps): bump devantler-tech/actions/upload-coverage from 7.1.3 to 9.0.0#355
botantler-1[bot] merged 1 commit into
mainfrom
dependabot/github_actions/devantler-tech/actions/upload-coverage-9.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps devantler-tech/actions/upload-coverage from 7.1.3 to 9.0.0.

Release notes

Sourced from devantler-tech/actions/upload-coverage's releases.

v9.0.0

9.0.0 (2026-07-03)

⚠ BREAKING CHANGES

  • remove the sync-github-labels composite action (superseded by declarative IssueLabels) (#418)
  • All callers referencing old file names, input names, output names, or secret keys must be updated.
  • run-dotnet-tests: run-dotnet-tests no longer accepts app-id or app-private-key inputs. Callers pinning by SHA are unaffected; on repin any still-passed values are simply ignored (unexpected-input warning).
  • the setup-copilot-skills/update-copilot-skills action paths are removed and setup-agent-skills's agent input is renamed to agents. Consumers on a pinned major (e.g. @​v4) are unaffected until they bump; migration guides are in each action's README.
  • the codecov-token input is removed from both actions. Callers must stop passing it (the reusable workflows are updated in lockstep).
  • copilot-skills: setup-copilot-skills and update-copilot-skills both remove the skills-lock input; setup-copilot-skills also removes the source input and redefines skills as the sole list input. Delete any skills-lock.json and move each entry onto its own <owner/repo> <skill> line in setup-copilot-skills.with.skills.
  • Action directories and input names have been renamed.

Features

  • add .NET project and test configurations (#10) (1ce56da)
  • add require-checks-in-pr composite action (#113) (1f66c91)
  • add auto-merge composite action for PRs (#14) (a8f34bd)
  • add automation configuration for PR reviews and issue sessions (f4b7152)
  • add blocked label and update label sync configuration (3041247)
  • add Calculator class with basic arithmetic operations and corresponding unit tests (f5c21a1)
  • add collapsible sections for workflow details in README (2e8d0f9)
  • add docs (aba6c52)
  • add dotnet-test-action for testing .NET solutions with GitHub Actions (ad39d59)
  • add EditorConfig file and update Calculator and CalculatorTests for consistency and clarity (f032439)
  • add GitHub workflows (861d3e2)
  • add GitOps deployment workflow for managing Kubernetes resources (f6f0ce7)
  • add GitOps validation workflow (8505da2)
  • add Hadolint action for linting Dockerfiles (9f610a8)
  • add Homebrew setup and environment initialization to GitOps workflows (c4b0fe5)
  • add Homebrew setup step to GitOps workflows for consistent environment setup (e300bd6)
  • add initial release configuration for semantic-release (3c4f906)
  • add inputs for HOSTS_FILE and ROOT_CA_CERT_FILE in GitOps workflow (6eefeeb)
  • add pull_request and merge_group triggers to Zizmor workflow (1ce3f4b)
  • add pull_request trigger to auto-merge and dotnet-test workflows (63097da)
  • add pull_request trigger to GitOps lint and test workflows (dbd5fe8)
  • add released label to labels configuration (a803193)
  • add Repo Assist labels to central config (#161) (b41fbfe)
  • add reusable workflow to sync upstream Kyverno policies and update README with usage instructions (b119b9f)
  • add schedule trigger for sync labels workflow (5f3527e)
  • add shared workflows (0fe78df)
  • add step to append hosts file if it exists (6f22cd1)
  • add upload-coverage action for GitHub Code Quality (#170) (60d895a)
  • add upsert-issue composite action (#55) (e3a0bd5)
  • add VERSION_ARGS input to dotnet-embed-binaries workflow for version retrieval (a648561)
  • add workflow for cleaning up ghcr packages (856fea4)
  • add Zizmor composite action workflow (c0b70d3)
  • add Zizmor security analysis workflow and action documentation (dbae7c7)
  • add Zizmor workflow configuration (6e1f9b5)

... (truncated)

Changelog

Sourced from devantler-tech/actions/upload-coverage's changelog.

Changelog

9.0.0 (2026-07-03)

⚠ BREAKING CHANGES

  • remove the sync-github-labels composite action (superseded by declarative IssueLabels) (#418)
  • All callers referencing old file names, input names, output names, or secret keys must be updated.
  • run-dotnet-tests: run-dotnet-tests no longer accepts app-id or app-private-key inputs. Callers pinning by SHA are unaffected; on repin any still-passed values are simply ignored (unexpected-input warning).
  • the setup-copilot-skills/update-copilot-skills action paths are removed and setup-agent-skills's agent input is renamed to agents. Consumers on a pinned major (e.g. @​v4) are unaffected until they bump; migration guides are in each action's README.
  • the codecov-token input is removed from both actions. Callers must stop passing it (the reusable workflows are updated in lockstep).
  • copilot-skills: setup-copilot-skills and update-copilot-skills both remove the skills-lock input; setup-copilot-skills also removes the source input and redefines skills as the sole list input. Delete any skills-lock.json and move each entry onto its own <owner/repo> <skill> line in setup-copilot-skills.with.skills.
  • Action directories and input names have been renamed.

Features

  • add .NET project and test configurations (#10) (1ce56da)
  • add require-checks-in-pr composite action (#113) (1f66c91)
  • add auto-merge composite action for PRs (#14) (a8f34bd)
  • add automation configuration for PR reviews and issue sessions (f4b7152)
  • add blocked label and update label sync configuration (3041247)
  • add Calculator class with basic arithmetic operations and corresponding unit tests (f5c21a1)
  • add collapsible sections for workflow details in README (2e8d0f9)
  • add docs (aba6c52)
  • add dotnet-test-action for testing .NET solutions with GitHub Actions (ad39d59)
  • add EditorConfig file and update Calculator and CalculatorTests for consistency and clarity (f032439)
  • add GitHub workflows (861d3e2)
  • add GitOps deployment workflow for managing Kubernetes resources (f6f0ce7)
  • add GitOps validation workflow (8505da2)
  • add Hadolint action for linting Dockerfiles (9f610a8)
  • add Homebrew setup and environment initialization to GitOps workflows (c4b0fe5)
  • add Homebrew setup step to GitOps workflows for consistent environment setup (e300bd6)
  • add initial release configuration for semantic-release (3c4f906)
  • add inputs for HOSTS_FILE and ROOT_CA_CERT_FILE in GitOps workflow (6eefeeb)
  • add pull_request and merge_group triggers to Zizmor workflow (1ce3f4b)
  • add pull_request trigger to auto-merge and dotnet-test workflows (63097da)
  • add pull_request trigger to GitOps lint and test workflows (dbd5fe8)
  • add released label to labels configuration (a803193)
  • add Repo Assist labels to central config (#161) (b41fbfe)
  • add reusable workflow to sync upstream Kyverno policies and update README with usage instructions (b119b9f)
  • add schedule trigger for sync labels workflow (5f3527e)
  • add shared workflows (0fe78df)
  • add step to append hosts file if it exists (6f22cd1)
  • add upload-coverage action for GitHub Code Quality (#170) (60d895a)
  • add upsert-issue composite action (#55) (e3a0bd5)
  • add VERSION_ARGS input to dotnet-embed-binaries workflow for version retrieval (a648561)
  • add workflow for cleaning up ghcr packages (856fea4)
  • add Zizmor composite action workflow (c0b70d3)
  • add Zizmor security analysis workflow and action documentation (dbae7c7)

... (truncated)

Commits
  • 5aa2657 chore(main): release 9.0.0 (#442)
  • d817fa2 chore(main): release 8.0.2 (#441)
  • 6f07366 fix(scan-for-todo-comments): restore self-checkout for post-cleanup (#437)
  • bd78711 chore(main): release 8.0.1 (#436)
  • 96b8f82 fix: resolve first-party self-references at the same commit (#427)
  • 061b345 chore(main): release 8.0.0 (#424)
  • 0d7ff03 feat!: remove the sync-github-labels composite action (superseded by declarat...
  • d8984d1 chore(deps): bump actions/setup-dotnet from 5.3.0 to 5.4.0 (#420)
  • 9f9c1ac chore(deps): bump actions/setup-go from 6.4.0 to 6.5.0 (#416)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [devantler-tech/actions/upload-coverage](https://github.com/devantler-tech/actions) from 7.1.3 to 9.0.0.
- [Release notes](https://github.com/devantler-tech/actions/releases)
- [Changelog](https://github.com/devantler-tech/actions/blob/main/CHANGELOG.md)
- [Commits](devantler-tech/actions@6a2f24a...5aa2657)

---
updated-dependencies:
- dependency-name: devantler-tech/actions/upload-coverage
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 0f9a3561-c3b5-4b02-9b36-ad835cab846e

📥 Commits

Reviewing files that changed from the base of the PR and between ff7804a and 20367fe.

📒 Files selected for processing (1)
  • .github/workflows/validate-go-project.yaml
📜 Recent review details
⏰ Context from checks skipped due to timeout. (5)
  • GitHub Check: [Test] Delete Workflow Runs - Specific Pattern / Delete workflow runs
  • GitHub Check: [Test] Govulncheck Allowlist - Strict Path Blocks
  • GitHub Check: [Test] Govulncheck Allowlist - Allowlisted Advisory Passes
  • GitHub Check: [Test] Delete Workflow Runs - All Workflows / Delete workflow runs
  • GitHub Check: [Test] Delete Workflow Runs - Minimal Parameters / Delete workflow runs
⚠️ CI failures not shown inline (2)

GitHub Actions: 🔀 Enable Auto-Merge / auto-merge: chore(deps): bump devantler-tech/actions/upload-coverage from 7.1.3 to 9.0.0

Conclusion: failure

View job details

##[group]Run set +e
 �[36;1mset +e�[0m
 �[36;1mREVIEW_OUTPUT=$(gh pr review "$PR_NUMBER" --approve --repo "$REPOSITORY" 2>&1)�[0m
 �[36;1mREVIEW_EXIT_CODE=$?�[0m
 �[36;1mset -e�[0m
 �[36;1m�[0m
 �[36;1mif [[ $REVIEW_EXIT_CODE -eq 0 ]]; then�[0m
 �[36;1m  echo "✅ PR #${PR_NUMBER} approved"�[0m
 �[36;1melif [[ "$REVIEW_OUTPUT" == *"Can not approve your own pull request"* ]]; then�[0m
 �[36;1m  echo "::warning::Could not approve PR #${PR_NUMBER} because GitHub does not allow self-approval. Skipping approval."�[0m
 �[36;1melse�[0m
 �[36;1m  echo "::error::Failed to approve PR #${PR_NUMBER}."�[0m

GitHub Actions: 🔀 Enable Auto-Merge / 0_auto-merge.txt: chore(deps): bump devantler-tech/actions/upload-coverage from 7.1.3 to 9.0.0

Conclusion: failure

View job details

##[group]Run set +e
 �[36;1mset +e�[0m
 �[36;1mREVIEW_OUTPUT=$(gh pr review "$PR_NUMBER" --approve --repo "$REPOSITORY" 2>&1)�[0m
 �[36;1mREVIEW_EXIT_CODE=$?�[0m
 �[36;1mset -e�[0m
 �[36;1m�[0m
 �[36;1mif [[ $REVIEW_EXIT_CODE -eq 0 ]]; then�[0m
 �[36;1m  echo "✅ PR #${PR_NUMBER} approved"�[0m
 �[36;1melif [[ "$REVIEW_OUTPUT" == *"Can not approve your own pull request"* ]]; then�[0m
 �[36;1m  echo "::warning::Could not approve PR #${PR_NUMBER} because GitHub does not allow self-approval. Skipping approval."�[0m
 �[36;1melse�[0m
 �[36;1m  echo "::error::Failed to approve PR #${PR_NUMBER}."�[0m
🧰 Additional context used
📓 Path-based instructions (1)
.github/workflows/*.yaml

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/*.yaml: All reusable workflows must use the workflow_call trigger.
Pin all external actions to commit SHAs and never use floating tags such as @v4 (uses: owner/repo@<sha> # <version-comment>).
Include step-security/harden-runner as the first step of every job, with egress-policy: audit.
Set top-level permissions: {} in reusable workflows and grant permissions only at the job level.
Use persist-credentials: false on actions/checkout unless the job needs to push commits.
Reusable workflows used as organization-level repository rulesets must also include pull_request and merge_group triggers alongside workflow_call.

Files:

  • .github/workflows/validate-go-project.yaml
🔇 Additional comments (1)
.github/workflows/validate-go-project.yaml (1)

687-693: 🎯 Functional Correctness

No change needed here. The upload-coverage action at 5aa2657f976103d716f585266a0fa4e964594df2 still exposes file, language, and label, and that SHA matches the v9.0.0 tag.

			> Likely an incorrect or invalid review comment.

📝 Walkthrough

Walkthrough

This PR updates the pinned commit SHA for the devantler-tech/actions/upload-coverage GitHub Action used in the coverage upload step of the Go project validation workflow, moving from v7.1.3 to v9.0.0. No other configuration changes were made.

Changes

Workflow Action Version Bump

Layer / File(s) Summary
Coverage upload action bump
.github/workflows/validate-go-project.yaml
The pinned commit for devantler-tech/actions/upload-coverage is updated from v7.1.3 to v9.0.0, with the step name and arguments unchanged.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Related PRs: None identified.

Suggested labels: dependencies, github_actions

Suggested reviewers: None identified.

🐰 A tiny hop, a version bump so slight,

Coverage now uploads with newer might,

One line changed beneath the moon's soft glow,

From seven to nine, the pipeline will go.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the dependency bump from upload-coverage 7.1.3 to 9.0.0.
Description check ✅ Passed The description is directly related to the dependency update and its release notes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/github_actions/devantler-tech/actions/upload-coverage-9.0.0

Comment @coderabbitai help to get the list of available commands.

@botantler-1 botantler-1 Bot enabled auto-merge (squash) July 3, 2026 16:34
@botantler-1 botantler-1 Bot merged commit dd5af90 into main Jul 3, 2026
51 checks passed
@botantler-1 botantler-1 Bot deleted the dependabot/github_actions/devantler-tech/actions/upload-coverage-9.0.0 branch July 3, 2026 16:39
@github-project-automation github-project-automation Bot moved this from 🫴 Ready to ✅ Done in 🌊 Project Board Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

Status: ✅ Done

Development

Successfully merging this pull request may close these issues.

0 participants