diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index c15759a..712ccd2 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml @@ -100,7 +100,7 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@v7 # v6.0.2 + uses: actions/checkout@v7.0.0 # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index 6e7aa42..1f97d0e 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v7.0.0 # PERFORMANCE: Cache pip dependencies so that any packages installed by the # bandit scan action (or future pip-install steps) are served from cache. diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index cb09c0d..508bcaf 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 - name: Setup Python Environment uses: actions/setup-python@v6 diff --git a/.github/workflows/jules-daily-qa.yml b/.github/workflows/jules-daily-qa.yml index 9b5df9e..bd3e643 100644 --- a/.github/workflows/jules-daily-qa.yml +++ b/.github/workflows/jules-daily-qa.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 - name: Trigger Jules QA env: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5ff082d..c2138d8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: ruff: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v7.0.0 - uses: astral-sh/setup-uv@v7 with: enable-cache: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 50fcac9..c4b4b05 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,7 +8,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v7.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml index 98f3072..ce2365e 100644 --- a/.github/workflows/performance.yml +++ b/.github/workflows/performance.yml @@ -18,7 +18,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v7.0.0 - name: Install uv uses: astral-sh/setup-uv@v7 diff --git a/.github/workflows/pr-visual-recap.yml b/.github/workflows/pr-visual-recap.yml index 7f2e0a0..794eea1 100644 --- a/.github/workflows/pr-visual-recap.yml +++ b/.github/workflows/pr-visual-recap.yml @@ -218,7 +218,7 @@ jobs: VISUAL_RECAP_SKILL_SOURCE: ${{ vars.VISUAL_RECAP_SKILL_SOURCE || 'auto' }} VISUAL_RECAP_SECRET_SCAN: ${{ vars.VISUAL_RECAP_SECRET_SCAN || 'high-confidence' }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 # This job runs an agent over untrusted PR diff; don't leave the token @@ -240,7 +240,7 @@ jobs: echo "local=false" >> "$GITHUB_OUTPUT" fi - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 if: steps.cli.outputs.local == 'true' with: ref: ${{ github.event.pull_request.base.sha }} diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 4663f60..397a6d9 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - uses: release-drafter/release-drafter@ed4bc48ec97379be2258e7b7ac2624a3e26ab809 # v7.4.0 diff --git a/.github/workflows/repository-automation-daily.yml b/.github/workflows/repository-automation-daily.yml index 8caf3c2..36fd4a2 100644 --- a/.github/workflows/repository-automation-daily.yml +++ b/.github/workflows/repository-automation-daily.yml @@ -48,7 +48,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 @@ -84,7 +84,7 @@ jobs: if: always() steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 @@ -120,7 +120,7 @@ jobs: if: always() steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 @@ -156,7 +156,7 @@ jobs: if: always() steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 @@ -196,7 +196,7 @@ jobs: if: always() steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 diff --git a/.github/workflows/repository-automation-weekly.yml b/.github/workflows/repository-automation-weekly.yml index 299cbb8..6caa05a 100644 --- a/.github/workflows/repository-automation-weekly.yml +++ b/.github/workflows/repository-automation-weekly.yml @@ -47,7 +47,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 diff --git a/.github/workflows/summary.yml b/.github/workflows/summary.yml index 258c931..53b31b8 100644 --- a/.github/workflows/summary.yml +++ b/.github/workflows/summary.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 - name: Run AI inference id: inference diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml index 5b9dbe5..20a1d21 100644 --- a/.github/workflows/sync.yml +++ b/.github/workflows/sync.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout repo - uses: actions/checkout@v7 + uses: actions/checkout@v7.0.0 - name: Set up uv uses: astral-sh/setup-uv@v7 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d90064d..3661fd5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,7 +12,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v7.0.0 - uses: astral-sh/setup-uv@v7 with: enable-cache: true diff --git a/.github/workflows/typecheck.yml b/.github/workflows/typecheck.yml index d1b23d8..b33b91a 100644 --- a/.github/workflows/typecheck.yml +++ b/.github/workflows/typecheck.yml @@ -12,7 +12,7 @@ jobs: mypy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v7.0.0 - uses: astral-sh/setup-uv@v7 with: enable-cache: true