ci(deps): update GitHub Actions to latest versions#443
Conversation
Bulk update action versions to match what Dependabot has upgraded in consumer repos. This prevents sync from downgrading versions. Updates: - actions/checkout: v4 → v6 - actions/github-script: v7 → v8 - actions/download-artifact: v4 → v7 - actions/upload-artifact: v4 → v6 This fixes a recurring issue where workflow sync would revert Dependabot updates in consumer repos.
stranske
temporarily deployed
to
agent-high-privilege
GitHub Actions
Inactive
|
Closing: This is a band-aid fix. The proper solution is to ensure templates are updated when Dependabot merges. Will create a workflow to propagate action version updates to templates. |
Automated Status SummaryHead SHA: b893a91
Coverage Overview
Updated automatically; will refresh on subsequent CI/Docker completions. Keepalive checklistScopeNo scope information available Tasks
Acceptance criteria
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/checkout@v6 |
There was a problem hiding this comment.
The Selftest CI workflow now uses actions/checkout@v6, but the GitHub marketplace only publishes checkout up to v4—v6 is not a valid tag. Any run of this workflow will fail immediately with “Could not resolve reference to actions/checkout@v6” before tests execute, so the jobs can no longer run.
Useful? React with 👍 / 👎.
| if: github.event_name == 'pull_request_target' | ||
| uses: actions/github-script@v7 | ||
| uses: actions/github-script@v8 | ||
| with: |
There was a problem hiding this comment.
The guard workflow now calls actions/github-script@v8, but the upstream action currently tops out at v7. Referencing a non-existent major version causes the job to halt during step resolution (“Cannot find ref v8”), so guard checks will never execute.
Useful? React with 👍 / 👎.
| - name: Download coverage trend artifact | ||
| if: ${{ steps.discover.outputs.run_id }} | ||
| uses: actions/download-artifact@v4 | ||
| uses: actions/download-artifact@v7 | ||
| continue-on-error: true |
There was a problem hiding this comment.
In the consumer coverage guard template the artifact download steps now reference actions/download-artifact@v7, but the published action only provides v4. The runner will fail to resolve this version before any coverage comparison runs, so the job will always error out when trying to fetch artifacts.
Useful? React with 👍 / 👎.
| - name: Upload metrics artifact | ||
| uses: actions/upload-artifact@v4 | ||
| uses: actions/upload-artifact@v6 | ||
| with: | ||
| name: agents-autofix-metrics |
There was a problem hiding this comment.
The consumer autofix loop template now uploads metrics with actions/upload-artifact@v6, but upload-artifact is only released up to v4. Because the referenced tag does not exist, the workflow will fail during action resolution and never save the metrics artifact.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
This PR performs a bulk update of GitHub Actions to address workflow sync issues that have been downgrading action versions in consumer repositories. The update aims to match versions that Dependabot has already upgraded in consumer repos.
Key changes:
- Update
actions/checkoutfrom v4 to v6 (72 files) - Update
actions/github-scriptfrom v7 to v8 (72 files) - Update
actions/download-artifactfrom v4 to v7 (select files) - Update
actions/upload-artifactfrom v4 to v6 (select files)
Reviewed changes
Copilot reviewed 72 out of 72 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| templates/integration-repo/.github/workflows/notify-workflows.yml | Updates checkout to v6 |
| templates/integration-repo/.github/workflows/ci.yml | Updates github-script to v8 |
| templates/dependency-refresh.yml | Updates checkout to v6 |
| templates/cosmetic-repair.yml | Updates checkout to v6 |
| templates/consumer-repo/.github/workflows/pr-00-gate.yml | Updates checkout to v6 and github-script to v8 |
| templates/consumer-repo/.github/workflows/maint-coverage-guard.yml | Updates checkout to v6, github-script to v8, and download-artifact to v7 |
| templates/consumer-repo/.github/workflows/agents-pr-meta.yml | Updates github-script to v8 |
| templates/consumer-repo/.github/workflows/agents-keepalive-loop.yml | Updates checkout to v6, github-script to v8, and upload-artifact to v6 |
| templates/consumer-repo/.github/workflows/agents-issue-intake.yml | Updates github-script to v8 |
| templates/consumer-repo/.github/workflows/agents-guard.yml | Updates checkout to v6 and github-script to v8 |
| templates/consumer-repo/.github/workflows/agents-bot-comment-handler.yml | Updates github-script to v8 |
| templates/consumer-repo/.github/workflows/agents-autofix-loop.yml | Updates checkout to v6, github-script to v8, and upload-artifact to v6 |
| templates/ci-full.yml | Updates checkout to v6 |
| templates/ci-basic.yml | Updates checkout to v6 |
| .github/workflows/selftest-reusable-ci.yml | Updates github-script to v8 |
| .github/workflows/selftest-ci.yml | Updates checkout to v6 |
| .github/workflows/reusable-codex-run.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-bot-comment-handler.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-agents-verifier.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-agents-issue-bridge.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-70-orchestrator-main.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-70-orchestrator-init.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-20-pr-meta.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-18-autofix.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-16-agents.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/reusable-12-ci-docker.yml | Updates checkout to v6 |
| .github/workflows/reusable-11-ci-node.yml | Updates checkout to v6 |
| .github/workflows/reusable-10-ci-python.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/pr-11-ci-smoke.yml | Updates checkout to v6 |
| .github/workflows/pr-00-gate.yml | Updates checkout to v6, github-script to v8, and download-artifact to v7 |
| .github/workflows/maint-sync-env-from-pyproject.yml | Updates checkout to v6 |
| .github/workflows/maint-coverage-guard.yml | Updates checkout to v6, github-script to v8, and download-artifact to v7 |
| .github/workflows/maint-69-sync-integration-repo.yml | Updates checkout to v6 |
| .github/workflows/maint-68-sync-consumer-repos.yml | Updates checkout to v6 and download-artifact to v7 |
| .github/workflows/maint-66-monthly-audit.yml | Updates checkout to v6 |
| .github/workflows/maint-65-sync-label-docs.yml | Updates checkout to v6 |
| .github/workflows/maint-62-integration-consumer.yml | Updates github-script to v8 |
| .github/workflows/maint-61-create-floating-v1-tag.yml | Updates checkout to v6 |
| .github/workflows/maint-60-release.yml | Updates checkout to v6 |
| .github/workflows/maint-52-validate-workflows.yml | Updates checkout to v6 |
| .github/workflows/maint-52-sync-dev-versions.yml | Updates checkout to v6 and download-artifact to v7 |
| .github/workflows/maint-51-dependency-refresh.yml | Updates checkout to v6 |
| .github/workflows/maint-50-tool-version-check.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/maint-47-disable-legacy-workflows.yml | Updates checkout to v6 |
| .github/workflows/maint-46-post-ci.yml | Updates checkout to v6, github-script to v8, and download-artifact to v7 |
| .github/workflows/maint-45-cosmetic-repair.yml | Updates checkout to v6 |
| .github/workflows/health-codex-auth-check.yml | Updates github-script to v8 |
| .github/workflows/health-70-validate-sync-manifest.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/health-67-integration-sync-check.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/health-50-security-scan.yml | Updates checkout to v6 |
| .github/workflows/health-44-gate-branch-protection.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/health-43-ci-signature-guard.yml | Updates checkout to v6 |
| .github/workflows/health-42-actionlint.yml | Updates checkout to v6 |
| .github/workflows/health-41-repo-health.yml | Updates github-script to v8 |
| .github/workflows/health-40-repo-selfcheck.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/autofix.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/archived/maint-63-ensure-environments.yml | Updates github-script to v8 |
| .github/workflows/agents-weekly-metrics.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-verifier.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-pr-meta-v4.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-moderate-connector.yml | Updates github-script to v8 |
| .github/workflows/agents-keepalive-loop.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-keepalive-dispatch-handler.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-keepalive-branch-sync.yml | Updates checkout to v6 |
| .github/workflows/agents-guard.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-bot-comment-handler.yml | Updates github-script to v8 |
| .github/workflows/agents-autofix-loop.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-73-codex-belt-conveyor.yml | Updates github-script to v8 |
| .github/workflows/agents-72-codex-belt-worker.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-71-codex-belt-dispatcher.yml | Updates checkout to v6 and github-script to v8 |
| .github/workflows/agents-64-verify-agent-assignment.yml | Updates github-script to v8 |
| .github/workflows/agents-63-issue-intake.yml | Updates checkout to v6 and github-script to v8 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Automated Status Summary
Scope
GITHUB_STEP_SUMMARYoutput so iteration results are visible in the Actions UITasks
agent:codexlabelagents-keepalive-loop.ymlafter agent runbuildStatusBlock()inagents_pr_meta_update_body.jsto acceptagentTypeparameteragentTypeis set (CLI agent): hide workflow table, hide head SHA/required checksagent:*label):<!-- gate-summary: -->comment posting (use step summary instead)<!-- keepalive-round: N -->instruction comments (task appendix replaces this)<!-- keepalive-loop-summary -->to be the single source of truthagent:*label):<!-- gate-summary: -->commentagent_typeoutput to detect job so downstream workflows know the modeagents-pr-meta.ymlto conditionally skip gate summary for CLI agent PRsAcceptance criteria
Head SHA: 8a5bb35
Latest Runs: ⏳ queued — Gate
Required: gate: ⏳ queued