From f1828307b33e7c7a724f9a0be4b9c4f5dd3fee8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jun 2026 11:55:40 +0000 Subject: [PATCH] chore(deps): Bump actions/checkout from 6 to 7 in the actions group Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/auth-contract-compose-pw.yml | 6 +++--- .github/workflows/ci.yml | 14 +++++++------- .github/workflows/codeql.yml | 6 +++--- .github/workflows/coverage.yml | 6 +++--- .github/workflows/deploy.yml | 6 +++--- .github/workflows/golangci-lint.yml | 6 +++--- .github/workflows/govulncheck.yml | 6 +++--- .github/workflows/integration-backup.yml | 4 ++-- .github/workflows/lychee.yml | 2 +- .github/workflows/openapi-breaking.yml | 2 +- .github/workflows/openapi-snapshot.yml | 6 +++--- .github/workflows/preview-image-build.yml | 6 +++--- .github/workflows/typos.yml | 2 +- 13 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/auth-contract-compose-pw.yml b/.github/workflows/auth-contract-compose-pw.yml index e092e831..6231df3d 100644 --- a/.github/workflows/auth-contract-compose-pw.yml +++ b/.github/workflows/auth-contract-compose-pw.yml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 12 steps: - name: Checkout api - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: path: api @@ -55,14 +55,14 @@ jobs: # `COPY api/` — so the build context needs all three as siblings. # Identical pattern to ci.yml / deploy.yml. - name: Checkout proto sibling (for go.mod replace ../proto) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} path: proto - name: Checkout common sibling (for go.mod replace ../common) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 791490fb..5ebc93c4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,7 +49,7 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'pull_request' steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 - name: Fail if PR branch is behind its base branch @@ -100,10 +100,10 @@ jobs: # exactly as deploy.yml's proven-green gate does. TEST_POSTGRES_CUSTOMERS_URL: postgres://postgres:postgres@localhost:5432/instant_customers?sslmode=disable steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Checkout proto sibling (for go.mod replace ../proto) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} @@ -113,7 +113,7 @@ jobs: run: mv _proto_ci ../proto - name: Checkout common sibling (for go.mod replace ../common) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} @@ -208,10 +208,10 @@ jobs: if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Checkout proto sibling - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} @@ -220,7 +220,7 @@ jobs: - run: mv _proto_ci ../proto - name: Checkout common sibling - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fcc411e9..0b5d5706 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -20,16 +20,16 @@ jobs: timeout-minutes: 30 steps: - name: Checkout this repo - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: path: api - name: Checkout sibling InstaNode-dev/common - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: InstaNode-dev/common path: common - name: Checkout sibling InstaNode-dev/proto - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: InstaNode-dev/proto path: proto diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index f59793c1..3304d4cd 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -93,7 +93,7 @@ jobs: # nosql package contributes to coverage too. TEST_MONGO_URI: mongodb://localhost:27017 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: path: api # Full history so diff-cover can resolve origin/ for the @@ -101,14 +101,14 @@ jobs: fetch-depth: 0 - name: Checkout proto sibling (for go.mod replace ../proto) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} path: proto - name: Checkout common sibling (for go.mod replace ../common) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2c1c0d6f..ead334af 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -97,12 +97,12 @@ jobs: --health-retries 12 steps: - name: Checkout api (this repo) into ./api - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: path: api - name: Checkout common sibling into ./common - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }} # 2026-05-15: GITHUB_TOKEN is scoped to THIS repo only and 404s @@ -114,7 +114,7 @@ jobs: path: common - name: Checkout proto sibling into ./proto - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index c15bb5c7..f511ec1c 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -18,18 +18,18 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: path: api # Sibling checkouts (proto/common) for repos with replace directives. # No-op for repos that do not need them. - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 if: ${{ hashFiles('api/go.mod') != '' }} with: repository: InstaNode-dev/common path: common continue-on-error: true - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: repository: InstaNode-dev/proto path: proto diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index c93d0bd8..775726e8 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -17,16 +17,16 @@ jobs: timeout-minutes: 15 steps: - name: Checkout this repo - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: path: api - name: Checkout sibling InstaNode-dev/common - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: InstaNode-dev/common path: common - name: Checkout sibling InstaNode-dev/proto - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: InstaNode-dev/proto path: proto diff --git a/.github/workflows/integration-backup.yml b/.github/workflows/integration-backup.yml index 3405ed86..e64cdc78 100644 --- a/.github/workflows/integration-backup.yml +++ b/.github/workflows/integration-backup.yml @@ -50,11 +50,11 @@ jobs: if: ${{ vars.INTEGRATION_BACKUP_ENABLED == 'true' }} steps: - name: Check out api - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: path: api - name: Check out infra (sibling repo with restore-drill.sh) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ github.repository_owner }}/infra path: infra diff --git a/.github/workflows/lychee.yml b/.github/workflows/lychee.yml index 2c07a4d4..a9180dbd 100644 --- a/.github/workflows/lychee.yml +++ b/.github/workflows/lychee.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: lycheeverse/lychee-action@v2 with: args: --no-progress --max-concurrency 4 --exclude-mail './**/*.md' './**/*.html' diff --git a/.github/workflows/openapi-breaking.yml b/.github/workflows/openapi-breaking.yml index 69e10a01..96740e74 100644 --- a/.github/workflows/openapi-breaking.yml +++ b/.github/workflows/openapi-breaking.yml @@ -66,7 +66,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout PR head - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: fetch-depth: 0 diff --git a/.github/workflows/openapi-snapshot.yml b/.github/workflows/openapi-snapshot.yml index 81dab4c0..2668f530 100644 --- a/.github/workflows/openapi-snapshot.yml +++ b/.github/workflows/openapi-snapshot.yml @@ -47,10 +47,10 @@ jobs: snapshot-drift: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Checkout proto sibling (for go.mod replace ../proto) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} @@ -60,7 +60,7 @@ jobs: run: mv _proto_ci ../proto - name: Checkout common sibling (for go.mod replace ../common) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/preview-image-build.yml b/.github/workflows/preview-image-build.yml index 0cdc58e9..179ad4af 100644 --- a/.github/workflows/preview-image-build.yml +++ b/.github/workflows/preview-image-build.yml @@ -78,14 +78,14 @@ jobs: - name: Checkout api (this repo) into ./api if: steps.prereq.outputs.skip == 'false' - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: path: api ref: ${{ github.event.pull_request.head.sha }} - name: Checkout common sibling into ./common if: steps.prereq.outputs.skip == 'false' - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.COMMON_REPO || format('{0}/common', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} @@ -93,7 +93,7 @@ jobs: - name: Checkout proto sibling into ./proto if: steps.prereq.outputs.skip == 'false' - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: repository: ${{ vars.PROTO_REPO || format('{0}/proto', github.repository_owner) }} token: ${{ secrets.REPO_ACCESS_TOKEN || secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/typos.yml b/.github/workflows/typos.yml index 661d167a..6f2639aa 100644 --- a/.github/workflows/typos.yml +++ b/.github/workflows/typos.yml @@ -14,6 +14,6 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 3 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: crate-ci/typos@v1.47.2 continue-on-error: true # warn-only — surface findings without blocking CI