ci: bump actions/checkout from 4.3.1 to 7.0.0 #127

Merged
Gerrrt merged 1 commit into main from dependabot/github_actions/actions/checkout-7.0.0
Jul 1, 2026

Conversation

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Bumps actions/checkout from 4.3.1 to 7.0.0.

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4.3.1...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Jul 1, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from Gerrrt as a code owner July 1, 2026 04:47
@Gerrrt Gerrrt requested a review from Copilot July 1, 2026 04:59

Copilot AI left a comment

Pull request overview

This is a Dependabot dependency bump that upgrades actions/checkout from v4.3.1 to v7.0.0 in the two remaining workflows that were still on the old version. All other workflows in the repo (ci.yml, freshness.yml, claude-routines.yml, bootstrap-test.yml, etc.) are already pinned to the same v7.0.0 SHA, so this change brings the last two files into alignment.

I verified the pinned SHA 9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 resolves exactly to the v7.0.0 tag via the GitHub API, and that the version comment matches. The v7 breaking change (blocking fork-PR checkout for pull_request_target/workflow_run) does not affect these workflows: release.yml triggers only on tag pushes, and sync-fanout.yml's workflow_run fires off the release workflow (also tag-push driven) while checking out an explicit base-repo tag ref rather than a fork PR head.

Changes:

  • Bump actions/checkout to the SHA-pinned v7.0.0 in sync-fanout.yml and release.yml.
  • Completes repo-wide consistency, as all other workflows already use this SHA.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/sync-fanout.yml | Updates the "Check out Core at the released tag" step to checkout v7.0.0; unaffected by the fork-PR block since it uses an explicit tag ref. |
| .github/workflows/release.yml | Updates the publish job's checkout to v7.0.0; triggered only on tag push, so no breaking-change impact. |

@Gerrrt Gerrrt merged commit e5f757b into main Jul 1, 2026
15 checks passed
@Gerrrt Gerrrt deleted the dependabot/github_actions/actions/checkout-7.0.0 branch July 1, 2026 05:31
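
The review above rests on two checks: every workflow pins actions/checkout to the same full commit SHA with a matching version comment, and any workflow using the `pull_request_target` or `workflow_run` triggers is looked at for the v7 fork-PR checkout block. The following is an added example, not code from this repository or from Dependabot, that performs those checks offline over workflow text; the function names and the sample workflow contents are constructed, and it does not confirm that the SHA resolves to the v7.0.0 tag, which requires the GitHub API.

```python
import re

# "uses: owner/repo@ref  # comment" on a workflow step line.
USES_RE = re.compile(
    r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*([\w.-]+/[\w./-]+)@(\S+)(?:[ \t]+#[ \t]*(.*))?[ \t]*$", re.M)
SHA_RE = re.compile(r"[0-9a-f]{40}")
# Triggers named in the review for the v7 fork-PR checkout block (mapping form only).
TRIGGER_RE = re.compile(r"^[ \t]*(pull_request_target|workflow_run)[ \t]*:", re.M)
V7_SHA = "9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0"  # v7.0.0 pin quoted in the review


def audit_pins(workflows, action="actions/checkout"):
    """Audit one action's refs across {filename: workflow text}."""
    out = {"unpinned": [], "no_version_comment": [], "review_triggers": []}
    shas = set()
    for name, text in sorted(workflows.items()):
        used = False
        for act, ref, comment in USES_RE.findall(text):
            if act != action:
                continue
            used = True
            if not SHA_RE.fullmatch(ref):  # tag or branch: a mutable ref
                out["unpinned"].append((name, ref))
                continue
            shas.add(ref)
            if not re.match(r"v\d+(\.\d+)*\b", comment):
                out["no_version_comment"].append((name, ref))
        if used:  # files whose triggers need a manual look after a v7 bump
            out["review_triggers"] += [(name, t) for t in TRIGGER_RE.findall(text)]
    out["distinct_shas"] = sorted(shas)
    out["consistent"] = len(shas) == 1 and not out["unpinned"]
    return out


def wf(trigger, uses):  # constructed minimal workflow text, not the repo's files
    return f"on:\n  {trigger}:\njobs:\n  job:\n    steps:\n      - uses: {uses}\n"


SAMPLE = {  # file names from the PR; contents constructed for this example
    "ci.yml": wf("push", f"actions/checkout@{V7_SHA} # v7.0.0"),
    "release.yml": wf("push", "actions/checkout@v4.3.1"),
    "sync-fanout.yml": wf("workflow_run", f"actions/checkout@{V7_SHA}"),
}

if __name__ == "__main__":
    print(audit_pins(SAMPLE))
```

A file listed under `review_triggers` is not a finding by itself; it marks where a reviewer still has to confirm which ref the checkout step fetches.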