From 3b4dc71189cc8d892e41856de5e5d6cd564af265 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 18:37:23 +0000 Subject: [PATCH 1/3] chore(deps): bump actions/checkout from 5 to 6 in the actions group Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 5 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/cpp-linter.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/self-test.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cpp-linter.yml b/.github/workflows/cpp-linter.yml index c74f2734..2e812055 100644 --- a/.github/workflows/cpp-linter.yml +++ b/.github/workflows/cpp-linter.yml @@ -13,7 +13,7 @@ jobs: cpp-linter: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: cpp-linter/cpp-linter-action@main id: linter continue-on-error: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f490ff93..542d4522 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: re-tag: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ inputs.ref }} diff --git a/.github/workflows/self-test.yml b/.github/workflows/self-test.yml index e6514e60..67015b26 100644 --- a/.github/workflows/self-test.yml +++ b/.github/workflows/self-test.yml @@ -39,7 +39,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Cache the build artifacts id: cache-build From 3a7f15e403daabefb066ab954988d79bdaff9ea0 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Mon, 24 Nov 2025 23:36:14 +0200 Subject: [PATCH 2/3] Pin actions/checkout to commit hash with version comment (#376) * Initial plan * Add version comments to actions/checkout references Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com> * Move version comments to inline format Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com> * Revert examples folder changes and use commit hash in comments Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com> * Use commit hash as reference and version tag as comment Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: shenxianpeng <3353385+shenxianpeng@users.noreply.github.com> --- .github/workflows/cpp-linter.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/self-test.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cpp-linter.yml b/.github/workflows/cpp-linter.yml index 2e812055..d3ae8697 100644 --- a/.github/workflows/cpp-linter.yml +++ b/.github/workflows/cpp-linter.yml @@ -13,7 +13,7 @@ jobs: cpp-linter: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - uses: cpp-linter/cpp-linter-action@main id: linter continue-on-error: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 542d4522..ad92205d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: re-tag: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 ref: ${{ inputs.ref }} diff --git a/.github/workflows/self-test.yml b/.github/workflows/self-test.yml index 67015b26..5c60ebf6 100644 --- a/.github/workflows/self-test.yml +++ b/.github/workflows/self-test.yml @@ -39,7 +39,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Cache the build artifacts id: cache-build From ef97dee0ee84975bf5ae9ef1ccc0b4d2eb9acaa9 Mon Sep 17 00:00:00 2001 From: Brendan <2bndy5@gmail.com> Date: Mon, 24 Nov 2025 14:41:28 -0800 Subject: [PATCH 3/3] do not persist git credentials when not needed and make explicit when we do need it --- .github/workflows/cpp-linter.yml | 2 ++ .github/workflows/release.yml | 1 + .github/workflows/self-test.yml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/.github/workflows/cpp-linter.yml b/.github/workflows/cpp-linter.yml index d3ae8697..59b6547e 100644 --- a/.github/workflows/cpp-linter.yml +++ b/.github/workflows/cpp-linter.yml @@ -14,6 +14,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false - uses: cpp-linter/cpp-linter-action@main id: linter continue-on-error: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ad92205d..d02ae622 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,6 +24,7 @@ jobs: steps: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: + persist-credentials: true # needed for `git push` fetch-depth: 0 ref: ${{ inputs.ref }} - name: Config git name and email diff --git a/.github/workflows/self-test.yml b/.github/workflows/self-test.yml index 5c60ebf6..5403c487 100644 --- a/.github/workflows/self-test.yml +++ b/.github/workflows/self-test.yml @@ -40,6 +40,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + with: + persist-credentials: false - name: Cache the build artifacts id: cache-build