From 3aff9a8e080c44bcf73b0baa841c58a6aaf40cbd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Jun 2026 13:34:55 +0000 Subject: [PATCH] ci: bump the github-actions group with 2 updates Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/cache](https://github.com/actions/cache). Updates `actions/checkout` from 6.0.3 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) Updates `actions/cache` from 5.0.5 to 6.0.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...2c8a9bd7457de244a408f35966fab2fb45fda9c8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/dev-image.yml | 2 +- .github/workflows/distribution.yml | 12 ++++++------ .github/workflows/docs.yml | 2 +- .github/workflows/freshness.yml | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dd03217..bc56f03 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 45 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # compose runs the container as ${UID:-1000}:${GID:-1000} and bind-mounts # the checkout at /workspace; the GitHub runner user is uid 1001, so without # this the container would run as 1000 and Gradle could not write the @@ -58,7 +58,7 @@ jobs: # compatible cache, keeping the build cache warm as sources evolve. The cross-OS dist legs get # the same benefit via setup-gradle; this closes the gap for the Docker-based jobs. - name: cache gradle home - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: | .gradle-home/caches @@ -110,7 +110,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # The SPA's Node + pnpm toolchain lives in the dev image at pinned versions (same as the build # job), so Prettier, svelte-check, and the vite build all run there rather than against a # different host toolchain. See the build job for the uid/gid rationale. @@ -142,7 +142,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: crate-ci/typos@37bb98842b0d8c4ffebdb75301a13db0267cef89 # v1.47.2 # Versions pinned to match the dev image (root Dockerfile) so CI and the # container can never check formatting with different tool versions. @@ -180,7 +180,7 @@ jobs: # rewrite.yml). rewriteDryRun parses sources only. continue-on-error: true steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # See the build job: compose must run as the 1001 runner user, not the 1000 # default, or Gradle cannot write into the bind-mounted checkout. - name: export host uid/gid for compose @@ -190,7 +190,7 @@ jobs: # Restore-only: reuse the Gradle home the build job populates (warm dependencies for the # dry-run) without saving a second, duplicate cache from this advisory job. - name: restore gradle home - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/restore@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: | .gradle-home/caches diff --git a/.github/workflows/dev-image.yml b/.github/workflows/dev-image.yml index db96ddd..3e7e854 100644 --- a/.github/workflows/dev-image.yml +++ b/.github/workflows/dev-image.yml @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: diff --git a/.github/workflows/distribution.yml b/.github/workflows/distribution.yml index bea7e08..1b423ad 100644 --- a/.github/workflows/distribution.yml +++ b/.github/workflows/distribution.yml @@ -43,7 +43,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 45 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # compose runs as ${UID:-1000}:${GID:-1000}; the runner user is uid 1001, so # export the real ids or Gradle cannot write the bind-mounted build/ dirs. - name: export host uid/gid for compose @@ -55,7 +55,7 @@ jobs: # it, and an ephemeral runner starts cold otherwise. The cross-OS legs already cache via # setup-gradle in setup-jdk-gradle; this closes the gap for this Docker-based leg. - name: cache gradle home - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: | .gradle-home/caches @@ -160,7 +160,7 @@ jobs: matrix: os: [macos-latest, windows-latest] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # Liberica JDK 25 Full (jmods for jlink/jpackage) + Gradle — shared composite. - uses: ./.github/actions/setup-jdk-gradle @@ -210,7 +210,7 @@ jobs: matrix: os: [windows-latest, macos-latest] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # Liberica JDK 25 Full (jmods for jlink/jpackage) + Gradle — shared composite. - uses: ./.github/actions/setup-jdk-gradle @@ -290,7 +290,7 @@ jobs: matrix: os: [windows-latest, macos-latest] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # Liberica JDK 25 Full (jmods for jlink/jpackage) + Gradle — shared composite. - uses: ./.github/actions/setup-jdk-gradle # Node + pnpm for the Gradle-driven SPA build (download=false → the PATH node/pnpm). Pinned to @@ -363,7 +363,7 @@ jobs: matrix: os: [windows-latest, macos-latest] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # Liberica JDK 25 Full (jmods for jlink/jpackage) + Gradle — shared composite. - uses: ./.github/actions/setup-jdk-gradle diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 6fd8fef..38113a4 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # compose runs the container as ${UID:-1000}:${GID:-1000} and bind-mounts # the checkout at /workspace; the runner user is uid 1001, so export the # real ids or Gradle cannot write the bind-mounted build/docs/javadoc. diff --git a/.github/workflows/freshness.yml b/.github/workflows/freshness.yml index a5f5256..d17a5a6 100644 --- a/.github/workflows/freshness.yml +++ b/.github/workflows/freshness.yml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # compose runs as ${UID:-1000}:${GID:-1000}; the runner user is uid 1001, so # export the real ids or Gradle cannot write the bind-mounted build/ dirs. - name: export host uid/gid for compose