diff --git a/.github/workflows/agents-autofix-loop.yml b/.github/workflows/agents-autofix-loop.yml index e24cc312..4fcf3ff2 100644 --- a/.github/workflows/agents-autofix-loop.yml +++ b/.github/workflows/agents-autofix-loop.yml @@ -39,7 +39,7 @@ jobs: security_reason: ${{ steps.security_gate.outputs.reason }} steps: - name: Checkout (for security gate) - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts/prompt_injection_guard.js @@ -47,7 +47,7 @@ jobs: - name: Security gate - prompt injection guard id: security_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -102,7 +102,7 @@ jobs: - name: Evaluate workflow_run id: evaluate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const run = context.payload.workflow_run; @@ -318,7 +318,7 @@ jobs: environment: agent-standard steps: - name: Add needs-human label and comment - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const prNumber = Number('${{ needs.prepare.outputs.pr_number }}'); @@ -372,7 +372,7 @@ jobs: steps: - name: Collect metrics id: collect - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/agents-bot-comment-handler.yml b/.github/workflows/agents-bot-comment-handler.yml index cc451426..7b6c21ee 100644 --- a/.github/workflows/agents-bot-comment-handler.yml +++ b/.github/workflows/agents-bot-comment-handler.yml @@ -61,7 +61,7 @@ jobs: steps: - name: Resolve PR number and check conditions id: resolve - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const eventName = context.eventName; @@ -162,7 +162,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Remove trigger label - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | try { diff --git a/.github/workflows/agents-guard.yml b/.github/workflows/agents-guard.yml index 7a3e2258..0a96eb24 100644 --- a/.github/workflows/agents-guard.yml +++ b/.github/workflows/agents-guard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout base ref for safety validation if: github.event_name == 'pull_request_target' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.base.sha }} sparse-checkout: | @@ -42,7 +42,7 @@ jobs: - name: Verify pull_request_target safety invariants if: github.event_name == 'pull_request_target' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const path = require('path'); @@ -58,7 +58,7 @@ jobs: - name: Checkout PR head for pull_request event if: github.event_name == 'pull_request' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts/agents-guard.js @@ -66,7 +66,7 @@ jobs: - name: Evaluate protected file changes id: evaluate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const fs = require('fs'); @@ -281,7 +281,7 @@ jobs: - name: Post guard failure comment if: steps.evaluate.outputs.blocked == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: COMMENT_BODY_B64: ${{ steps.evaluate.outputs.comment_body_b64 }} COMMENT_MARKER: ${{ steps.evaluate.outputs.marker }} @@ -399,7 +399,7 @@ jobs: - name: Report agents guard commit status if: always() - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: BLOCKED: ${{ steps.evaluate.outputs.blocked || 'false' }} SUMMARY: ${{ steps.evaluate.outputs.summary }} diff --git a/.github/workflows/agents-issue-intake.yml b/.github/workflows/agents-issue-intake.yml index e4b51a4d..2a3be2da 100644 --- a/.github/workflows/agents-issue-intake.yml +++ b/.github/workflows/agents-issue-intake.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Check labels and extract info id: check - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const eventName = context.eventName; diff --git a/.github/workflows/agents-keepalive-loop.yml b/.github/workflows/agents-keepalive-loop.yml index e63c93ea..f070017f 100644 --- a/.github/workflows/agents-keepalive-loop.yml +++ b/.github/workflows/agents-keepalive-loop.yml @@ -72,12 +72,12 @@ jobs: steps: # Dual checkout pattern: consumer repo for context, Workflows repo for scripts - name: Checkout consumer repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: consumer - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -97,7 +97,7 @@ jobs: - name: Security gate - prompt injection guard id: security_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: INPUT_PR_NUMBER: ${{ inputs.pr_number || '' }} with: @@ -180,7 +180,7 @@ jobs: - name: Evaluate keepalive conditions id: evaluate if: steps.security_gate.outputs.blocked != 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: INPUT_PR_NUMBER: ${{ inputs.pr_number || '' }} with: @@ -282,7 +282,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -292,7 +292,7 @@ jobs: fetch-depth: 1 - name: Update summary with running status - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -342,7 +342,7 @@ jobs: environment: agent-standard steps: - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -428,7 +428,7 @@ jobs: - name: Auto-reconcile task checkboxes if: needs.run-codex.outputs.changes-made == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -461,7 +461,7 @@ jobs: core.setOutput('reconciliation_details', result.details); - name: Update summary comment - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: CODEX_SUMMARY: ${{ needs.run-codex.outputs.final-message-summary || '' }} with: diff --git a/.github/workflows/agents-pr-meta.yml b/.github/workflows/agents-pr-meta.yml index 58300b0c..e56a4db3 100644 --- a/.github/workflows/agents-pr-meta.yml +++ b/.github/workflows/agents-pr-meta.yml @@ -106,7 +106,7 @@ jobs: steps: - name: Resolve PR from workflow_run id: resolve - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const run = context.payload.workflow_run; diff --git a/.github/workflows/maint-coverage-guard.yml b/.github/workflows/maint-coverage-guard.yml index a993ec03..6c0a199c 100644 --- a/.github/workflows/maint-coverage-guard.yml +++ b/.github/workflows/maint-coverage-guard.yml @@ -35,11 +35,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Locate latest Gate workflow run id: discover - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: |