Skip to content

chore(deps): bump actions/checkout from 5 to 6#4

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-6
Closed

chore(deps): bump actions/checkout from 5 to 6#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 16, 2026
edited
Loading

Bumps actions/checkout from 5 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 16, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 16, 2026

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented May 16, 2026
edited
Loading

Greptile Summary

This Dependabot PR upgrades actions/checkout to v6 across all three workflow files. The meaningful change is in codeql.yml (v5 → v6); ci.yml and release.yml were already on v6.0.2 and are being moved to the floating v6 major tag.

  • codeql.yml: Straightforward v5 → v6 major upgrade; style is consistent with the file's prior use of a floating major-version tag.
  • ci.yml / release.yml: Change is technically a de-pin from v6.0.2 to v6; this inconsistency with the other pinned actions in those files was already flagged in prior review threads.
  • v6 breaking change note: actions/checkout v6 now stores credentials under $RUNNER_TEMP instead of the local git config, requiring Actions Runner ≥ v2.329.0 for Docker container action scenarios. None of the jobs here use Docker container actions, so this does not affect this repository.

Confidence Score: 5/5

Safe to merge — the only functional change is upgrading actions/checkout to v6, which is backwards-compatible for all job types used here.

The change is a routine dependency bump. codeql.yml is a clean major-version upgrade (v5 → v6). ci.yml and release.yml shift from a pinned patch version to a floating major tag, which was already discussed in prior review threads. None of the workflows use Docker container actions, so the v6 runner-version requirement (≥ v2.329.0) is not a concern.

No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/codeql.yml Upgrades actions/checkout from v5 (floating) to v6 (floating); consistent versioning style, no other changes.
.github/workflows/ci.yml Three actions/checkout references moved from pinned v6.0.2 to floating v6; de-pinning concern already addressed in prior review threads.
.github/workflows/release.yml actions/checkout moved from pinned v6.0.2 to floating v6; release workflow reproducibility concern already raised in prior review threads.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Push / PR / Tag / Schedule] --> B{Workflow Trigger}
    B -->|push or PR to main| C[ci.yml]
    B -->|push/PR to main or weekly schedule| D[codeql.yml]
    B -->|tag v-star or workflow dispatch| E[release.yml]

    C --> C1[checkout v6]
    C1 --> C2[Frontend Job]
    C1 --> C3[Rust Format Job]
    C1 --> C4[Rust Test Job]
    C2 & C3 & C4 --> C5[Validate Job]

    D --> D1[checkout v6]
    D1 --> D2[CodeQL Analyze]

    E --> E1[checkout v6]
    E1 --> E2[Build macOS DMG]
    E2 --> E3[Upload Artifact]
Loading

Reviews (2): Last reviewed commit: "chore(deps): bump actions/checkout from ..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 16, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml Outdated
Comment thread .github/workflows/release.yml
@dependabot
chore(deps): bump actions/checkout from 5 to 6
af3a8dd 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/checkout-6 branch from 41dfc9d to af3a8dd Compare May 17, 2026 02:02
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 17, 2026

Looks like actions/checkout is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this May 17, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/actions/checkout-6 branch May 17, 2026 02:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants