diff --git a/.github/workflows/build-guides-freshness.yml b/.github/workflows/build-guides-freshness.yml
index 94183687..ca4b8b0a 100644
--- a/.github/workflows/build-guides-freshness.yml
+++ b/.github/workflows/build-guides-freshness.yml
@@ -51,7 +51,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
with:
# Enough history for the diagnostic `git status` to resolve cleanly.
fetch-depth: 50
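Review bot: The trailing comment on the new `uses:` line still reads `# v6`, but the same commit SHA `9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0` is labelled `# v7.0.0` in deploy-docs.yml and scorecard.yml, so one of the two labels must be wrong. The same mismatch appears in codeql.yml, copy-docs-freshness.yml, dco.yml, secrets-defense.yml and every hunk of pr.yml. With SHA pinning the comment is the only human-readable record of which release was audited, and a stale label hides a major-version jump from reviewers and from anyone grepping for outdated pins. After confirming which upstream tag the SHA resolves to, make the label match everywhere, presumably `- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0`. If this really is a v6-to-v7 bump, check the release notes for changed defaults before merging across this many jobs.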
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 290c82d0..b308997e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,7 +49,7 @@ jobs:
build-mode: none
steps:
- name: Checkout
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
diff --git a/.github/workflows/copy-docs-freshness.yml b/.github/workflows/copy-docs-freshness.yml
index 59e903fd..e21ed87f 100644
--- a/.github/workflows/copy-docs-freshness.yml
+++ b/.github/workflows/copy-docs-freshness.yml
@@ -42,7 +42,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
with:
# Enough history for the diagnostic `git status` to resolve cleanly.
fetch-depth: 50
diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml
index 16b90e3a..bcd0ba9d 100644
--- a/.github/workflows/dco.yml
+++ b/.github/workflows/dco.yml
@@ -16,7 +16,7 @@ jobs:
name: DCO sign-off check
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
with:
# Fetch full history so `git log ..HEAD` resolves.
fetch-depth: 0
diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
index 7c47b154..613d7c9c 100644
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -40,7 +40,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0 # full history for any git-revision-date plugin
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index b9a9dc33..2243bbf2 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -135,7 +135,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
@@ -190,7 +190,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
@@ -219,7 +219,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
@@ -263,7 +263,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
@@ -335,7 +335,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
with:
@@ -401,7 +401,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6
with:
version: 9
@@ -494,7 +494,7 @@ jobs:
--health-timeout 5s
--health-retries 12
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
@@ -633,7 +633,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
@@ -701,7 +701,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6
with:
@@ -778,7 +778,7 @@ jobs:
# job-level. See infra_solr_smoke_stability spec FR-2 + AC-2.
COMPOSE_PROJECT_NAME: "relyloop"
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
# Python + uv so `uv run pytest` works on the smoke runner (parallel to
# the backend job; doesn't share its venv).
@@ -1060,7 +1060,7 @@ jobs:
# with the other jobs removes ~65s from the critical path.
timeout-minutes: 15
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
@@ -1149,7 +1149,7 @@ jobs:
# the smoke job + `RELYLOOP_SKIP_BUILD=1` to bypass install.sh's build step.
timeout-minutes: 10
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
diff --git a/.github/workflows/reconcile-tracking-issues.yml b/.github/workflows/reconcile-tracking-issues.yml
index 4a687bc0..66f6dd1b 100644
--- a/.github/workflows/reconcile-tracking-issues.yml
+++ b/.github/workflows/reconcile-tracking-issues.yml
@@ -50,7 +50,7 @@ jobs:
reconcile:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v7
- name: Reconcile planned_features/ ↔ tracking issues
env:
GH_TOKEN: ${{ github.token }}
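Review bot: The new line `- uses: actions/checkout@v7` references a mutable tag, while every other workflow in this commit pins checkout to a full commit SHA. A tag can be moved upstream, so this job would run whatever `v7` points to at execution time, in a workflow whose next step is handed `GH_TOKEN`. Pin it like the others, using the SHA this commit labels v7.0.0 elsewhere: `- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0`. The job's `permissions:` block is outside the hunk; if the reconcile step authenticates only through `GH_TOKEN` and does not push with git, adding `persist-credentials: false` under `with:` (as scorecard.yml does) would keep the token out of the checked-out repo's git config.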
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 37cafb9c..108e93fa 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -26,7 +26,7 @@ jobs:
id-token: write # publish results to the public API (badge)
steps:
- name: Checkout
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
diff --git a/.github/workflows/secrets-defense.yml b/.github/workflows/secrets-defense.yml
index cb243e40..8b7d70ac 100644
--- a/.github/workflows/secrets-defense.yml
+++ b/.github/workflows/secrets-defense.yml
@@ -44,7 +44,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
with:
# Need enough history for `git diff origin/...HEAD` and
# `git diff HEAD~1 HEAD` to resolve.
@@ -73,7 +73,7 @@ jobs:
env:
GITLEAKS_VERSION: 8.21.2
steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
with:
# Scan the full PR diff against origin/; need history to resolve.
fetch-depth: 50