⬆️ Update actions/checkout action to v7 #598

Open
renovate[bot] wants to merge 1 commit into main from renovate/actions-checkout-7.x

renovate Bot commented Jun 18, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | major | v6.0.3 → v7.0.0 |

Release Notes

actions/checkout (actions/checkout)

v7.0.0

v7

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

greptile-apps Bot commented Jun 18, 2026

Greptile Summary

Bumps actions/checkout from v6.0.3 to v7.0.0 across all five GitHub Actions workflow files. The upgrade is applied consistently and no workflow configuration changes are required.

  • Security note: v7 introduces a block on checking out fork PRs in pull_request_target and workflow_run contexts. The one workflow_run consumer (docker.yml) is triggered exclusively by the release workflow (fired on release: published), so it is never invoked from a fork PR and is unaffected by this new restriction.
  • All other workflows (docs.yml, markdown-code-runner.yml, pytest.yml, release.yml) use push, pull_request, or release triggers, which are not affected by the v7 behavior change.

Confidence Score: 5/5

Safe to merge — a mechanical version bump applied identically across all five workflow files with no structural changes.

Every changed file replaces one version string (v6.0.3 → v7.0.0) with no other modifications. The only workflow that could theoretically be affected by v7's new fork-PR checkout restriction (docker.yml, which uses a workflow_run trigger) is sourced exclusively from the release workflow and therefore never runs in a fork-PR context.

No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| .github/workflows/docker.yml | Updates actions/checkout from v6.0.3 to v7.0.0; workflow_run trigger is unaffected by v7's fork-PR checkout block since it only fires on published releases (not fork PRs) |
| .github/workflows/docs.yml | Updates actions/checkout from v6.0.3 to v7.0.0; triggered only by push/pull_request/workflow_dispatch — straightforward safe upgrade |
| .github/workflows/markdown-code-runner.yml | Updates actions/checkout from v6.0.3 to v7.0.0; triggered only by push/pull_request — straightforward safe upgrade |
| .github/workflows/pytest.yml | Updates actions/checkout from v6.0.3 to v7.0.0; triggered only by push/pull_request — straightforward safe upgrade |
| .github/workflows/release.yml | Updates actions/checkout from v6.0.3 to v7.0.0 in two steps; triggered by release:published event — no fork-PR exposure, safe upgrade |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[actions/checkout upgrade\nv6.0.3 → v7.0.0] --> B[docker.yml\nworkflow_run trigger]
    A --> C[docs.yml\npush / pull_request]
    A --> D[markdown-code-runner.yml\npush / pull_request]
    A --> E[pytest.yml\npush / pull_request]
    A --> F[release.yml\nrelease: published]

    B --> G{v7 fork-PR block\napplies?}
    G -- "Triggered by release workflow\n(never a fork PR)" --> H[✅ Unaffected]
    C --> I[✅ Safe — no workflow_run\nor pull_request_target]
    D --> I
    E --> I
    F --> I
```

Reviews (2): Last reviewed commit: "⬆️ Update actions/checkout action to v7"
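
The trigger check the review above walks through can be scripted. The following is an added example, not part of this PR or of either bot's output: the file contents in `SAMPLES` are constructed, `labeler.yml` is a hypothetical file, and the line-based `on:` parser is a simplification that only handles top-level block-style and flow-style trigger lists.

```python
import re

# Triggers the review above names as subject to the v7 fork-PR checkout block.
AFFECTED = {"pull_request_target", "workflow_run"}

def triggers(text):
    """Return the event names under a workflow's top-level `on:` key."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"""["']?on["']?:\s*(.*)$""", line)
        if not m:
            continue
        inline = m.group(1).split("#")[0].strip()
        if inline:  # `on: push` or `on: [push, pull_request]`
            return {e.strip() for e in inline.strip("[]").split(",") if e.strip()}
        events, indent = set(), None
        for child in lines[i + 1:]:
            if not child.strip() or child.lstrip().startswith("#"):
                continue
            depth = len(child) - len(child.lstrip())
            if depth == 0:
                break  # next top-level key ends the `on:` block
            indent = depth if indent is None else indent
            if depth == indent:  # direct children only, not their filters
                events.add(child.strip().lstrip("- ").split(":")[0].strip())
        return events
    return set()

def audit(workflows):
    """Map filename -> (checkout refs, affected triggers) for files to review."""
    findings = {}
    for name, text in workflows.items():
        refs = re.findall(r"uses:\s*actions/checkout@([^\s#]+)", text)
        hit = sorted(triggers(text) & AFFECTED)
        if refs and hit:
            findings[name] = (refs, hit)
    return findings

STEP = "jobs:\n  job:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v7.0.0\n"
SAMPLES = {  # constructed inputs, not the repository's real workflow files
    "docker.yml": "on:\n  workflow_run:\n    workflows: [Release]\n    types: [completed]\n" + STEP,
    "pytest.yml": "on:\n  push:\n    branches: [main]\n  pull_request:\n" + STEP,
    "labeler.yml": "on: [pull_request_target]  # hypothetical file\n" + STEP,
}

if __name__ == "__main__":
    for name, (refs, hit) in audit(SAMPLES).items():
        print(f"{name}: actions/checkout@{refs[0]} under {', '.join(hit)}")
```

A flagged file still needs the manual step the review took for docker.yml: confirming which upstream workflow fires the trigger and whether a fork PR can reach it.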

renovate Bot force-pushed the renovate/actions-checkout-7.x branch 2 times, most recently from 49bce9a to 4fd509f, June 24, 2026 09:13
renovate Bot force-pushed the renovate/actions-checkout-7.x branch from 4fd509f to 8807e40, June 25, 2026 17:08