From 5626766b1d382b60c130e5df7b69159c7ae0c4fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Dec 2025 09:05:43 +0000 Subject: [PATCH 1/2] :arrow_up: Bump actions/checkout from 5.0.1 to 6.0.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v5.0.1...v6.0.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-test.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/dependabot.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/update-client.yml | 10 +++++----- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index a41ab46..b199d89 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -31,7 +31,7 @@ jobs: steps: # we want the head of the branch that triggered this, not the reference of the commit, this is so we get updated go versions etc. - name: Check out [${{ inputs.branch || github.ref }}] - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.1 with: ref: ${{ inputs.branch || github.ref }} - name: Update Go env version diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb8b912..090a6e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: # Checkout with full history for to allow compare with base branch - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.1 with: fetch-depth: 0 - uses: actions/setup-python@v6 @@ -52,7 +52,7 @@ jobs: - uses: actions/setup-python@v6 - name: Install tools run: pip install detect-secrets[gibberish]==1.5.0 && pip list - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.1 with: fetch-depth: 0 # FIXME: GitLeaks requires a licence now diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index d7f1ecc..123ad03 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -21,7 +21,7 @@ jobs: needs: update-client steps: # Checkout with full history for to allow compare with base branch - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.1 with: fetch-depth: 0 - uses: actions/setup-python@v6 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c630134..60000ad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: outputs: changes: ${{ steps.check.outputs.changes }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.1 - name: Check if changes directory contains files id: check run: | @@ -33,7 +33,7 @@ jobs: needs: [ check-for-changes ] if: needs.check-for-changes.outputs.changes steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.1 with: # Get the full history as this is required by goreleaser fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index caf85e6..9c8f70c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4.1.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.1.1 with: persist-credentials: false diff --git a/.github/workflows/update-client.yml b/.github/workflows/update-client.yml index 35b08a0..2b4a0ec 100644 --- a/.github/workflows/update-client.yml +++ b/.github/workflows/update-client.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout API-Uniform-Contract repo - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.1 with: token: ${{ secrets.GIT_SECRET }} repository: Arm-Debug/API-Uniform-Contract @@ -44,13 +44,13 @@ jobs: runs-on: ubuntu-latest needs: update-client steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.1 with: # So that we have correct GIT_TOKEN to push back to branch as we need workflow permissions token: ${{ secrets.GIT_SECRET }} ref: ${{ inputs.branch || github.head_ref || github.ref }} - name: Checkout Update Go action - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.1 with: repository: Arm-Debug/update-go-action ref: refs/tags/latest @@ -75,7 +75,7 @@ jobs: - name: Install continuous-delivery-scripts run: | pip install continuous-delivery-scripts - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.1 with: ref: ${{ inputs.branch || github.head_ref || github.ref }} - name: Download all-service-flat artefact @@ -155,7 +155,7 @@ jobs: needs: - build-and-test steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.1 - name: Trigger release if: contains(${{ inputs.branch || github.head_ref || github.ref }} , 'main') run: gh workflow run release.yml -f release_type=release From 89d0d6b1701e56cc20c50ca42f33dbd4e18bfd4e Mon Sep 17 00:00:00 2001 From: Monty Bot Date: Wed, 24 Dec 2025 09:06:08 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=93=B0=20Automatic=20changes=20?= =?UTF-8?q?=E2=9A=99=20Adding=20news=20file?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- changes/20251224090607.bugfix | 1 + 1 file changed, 1 insertion(+) create mode 100644 changes/20251224090607.bugfix diff --git a/changes/20251224090607.bugfix b/changes/20251224090607.bugfix new file mode 100644 index 0000000..926f1a7 --- /dev/null +++ b/changes/20251224090607.bugfix @@ -0,0 +1 @@ +Dependency upgrade: checkout-6.0.1