From 8a5bb35399fd16bcf438f3ab4c6da57e18d2c871 Mon Sep 17 00:00:00 2001 From: stranske Date: Thu, 1 Jan 2026 21:21:41 +0000 Subject: [PATCH] ci(deps): update GitHub Actions to latest versions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bulk update action versions to match what Dependabot has upgraded in consumer repos. This prevents sync from downgrading versions. Updates: - actions/checkout: v4 → v6 - actions/github-script: v7 → v8 - actions/download-artifact: v4 → v7 - actions/upload-artifact: v4 → v6 This fixes a recurring issue where workflow sync would revert Dependabot updates in consumer repos. --- .github/workflows/agents-63-issue-intake.yml | 6 +- .../agents-64-verify-agent-assignment.yml | 2 +- .../agents-71-codex-belt-dispatcher.yml | 6 +- .../workflows/agents-72-codex-belt-worker.yml | 32 +++++----- .../agents-73-codex-belt-conveyor.yml | 18 +++--- .github/workflows/agents-autofix-loop.yml | 10 ++-- .../workflows/agents-bot-comment-handler.yml | 4 +- .github/workflows/agents-guard.yml | 12 ++-- .../agents-keepalive-branch-sync.yml | 2 +- .../agents-keepalive-dispatch-handler.yml | 4 +- .github/workflows/agents-keepalive-loop.yml | 16 ++--- .../workflows/agents-moderate-connector.yml | 4 +- .github/workflows/agents-pr-meta-v4.yml | 24 ++++---- .github/workflows/agents-verifier.yml | 8 +-- .github/workflows/agents-weekly-metrics.yml | 4 +- .../archived/maint-63-ensure-environments.yml | 2 +- .github/workflows/autofix.yml | 4 +- .../workflows/health-40-repo-selfcheck.yml | 14 ++--- .github/workflows/health-41-repo-health.yml | 6 +- .github/workflows/health-42-actionlint.yml | 2 +- .../health-43-ci-signature-guard.yml | 2 +- .../health-44-gate-branch-protection.yml | 4 +- .github/workflows/health-50-security-scan.yml | 2 +- .../health-67-integration-sync-check.yml | 4 +- .../health-70-validate-sync-manifest.yml | 4 +- .github/workflows/health-codex-auth-check.yml | 4 +- .../workflows/maint-45-cosmetic-repair.yml | 2 +- .github/workflows/maint-46-post-ci.yml | 8 +-- .../maint-47-disable-legacy-workflows.yml | 2 +- .../workflows/maint-50-tool-version-check.yml | 4 +- .../workflows/maint-51-dependency-refresh.yml | 2 +- .../workflows/maint-52-sync-dev-versions.yml | 2 +- .../workflows/maint-52-validate-workflows.yml | 2 +- .github/workflows/maint-60-release.yml | 2 +- .../maint-61-create-floating-v1-tag.yml | 2 +- .../maint-62-integration-consumer.yml | 4 +- .../workflows/maint-65-sync-label-docs.yml | 2 +- .github/workflows/maint-66-monthly-audit.yml | 2 +- .../maint-68-sync-consumer-repos.yml | 6 +- .../maint-69-sync-integration-repo.yml | 2 +- .github/workflows/maint-coverage-guard.yml | 6 +- .../maint-sync-env-from-pyproject.yml | 2 +- .github/workflows/pr-00-gate.yml | 28 ++++----- .github/workflows/pr-11-ci-smoke.yml | 2 +- .github/workflows/reusable-10-ci-python.yml | 18 +++--- .github/workflows/reusable-11-ci-node.yml | 2 +- .github/workflows/reusable-12-ci-docker.yml | 2 +- .github/workflows/reusable-16-agents.yml | 30 +++++----- .github/workflows/reusable-18-autofix.yml | 22 +++---- .github/workflows/reusable-20-pr-meta.yml | 16 ++--- .../reusable-70-orchestrator-init.yml | 18 +++--- .../reusable-70-orchestrator-main.yml | 60 +++++++++---------- .../reusable-agents-issue-bridge.yml | 34 +++++------ .../workflows/reusable-agents-verifier.yml | 10 ++-- .../reusable-bot-comment-handler.yml | 10 ++-- .github/workflows/reusable-codex-run.yml | 12 ++-- .github/workflows/selftest-ci.yml | 6 +- .github/workflows/selftest-reusable-ci.yml | 6 +- templates/ci-basic.yml | 6 +- templates/ci-full.yml | 8 +-- .../.github/workflows/agents-autofix-loop.yml | 12 ++-- .../workflows/agents-bot-comment-handler.yml | 4 +- .../.github/workflows/agents-guard.yml | 12 ++-- .../.github/workflows/agents-issue-intake.yml | 2 +- .../workflows/agents-keepalive-loop.yml | 20 +++---- .../.github/workflows/agents-pr-meta.yml | 2 +- .../workflows/maint-coverage-guard.yml | 8 +-- .../.github/workflows/pr-00-gate.yml | 4 +- templates/cosmetic-repair.yml | 2 +- templates/dependency-refresh.yml | 2 +- .../integration-repo/.github/workflows/ci.yml | 2 +- .../.github/workflows/notify-workflows.yml | 2 +- 72 files changed, 306 insertions(+), 306 deletions(-) diff --git a/.github/workflows/agents-63-issue-intake.yml b/.github/workflows/agents-63-issue-intake.yml index 628b358f7..6cbca4d08 100644 --- a/.github/workflows/agents-63-issue-intake.yml +++ b/.github/workflows/agents-63-issue-intake.yml @@ -226,7 +226,7 @@ jobs: issues: write # Only elevated when a sync actually mutates issues; early exits remain read-only. steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Echo received inputs run: | @@ -362,7 +362,7 @@ jobs: fi - name: Sync issues - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} with: @@ -1093,7 +1093,7 @@ jobs: env: INPUT_ISSUE: ${{ needs.normalize_inputs.outputs.issue_number }} DEFAULT_AGENT: ${{ needs.normalize_inputs.outputs.bridge_agent }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const manual = (process.env.INPUT_ISSUE || '').trim(); diff --git a/.github/workflows/agents-64-verify-agent-assignment.yml b/.github/workflows/agents-64-verify-agent-assignment.yml index 3fa815eca..740aef72d 100644 --- a/.github/workflows/agents-64-verify-agent-assignment.yml +++ b/.github/workflows/agents-64-verify-agent-assignment.yml @@ -60,7 +60,7 @@ jobs: steps: - name: Inspect issue id: check - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ISSUE_NUMBER: ${{ inputs.issue_number }} VALID_ASSIGNEES: ${{ inputs.valid_assignees }} diff --git a/.github/workflows/agents-71-codex-belt-dispatcher.yml b/.github/workflows/agents-71-codex-belt-dispatcher.yml index 4e405f260..5e54a0428 100644 --- a/.github/workflows/agents-71-codex-belt-dispatcher.yml +++ b/.github/workflows/agents-71-codex-belt-dispatcher.yml @@ -142,7 +142,7 @@ jobs: - name: Resolve candidate issue id: pick - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_DISPATCH_TOKEN }} script: | @@ -211,7 +211,7 @@ jobs: - name: Checkout default branch if: ${{ steps.pick.outputs.issue != '' && steps.mode.outputs.dry_run != 'true' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ steps.pick.outputs.base }} token: ${{ env.GH_DISPATCH_TOKEN }} @@ -237,7 +237,7 @@ jobs: - name: Transition issue to in-progress if: ${{ steps.pick.outputs.issue != '' && steps.mode.outputs.dry_run != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_DISPATCH_TOKEN }} script: | diff --git a/.github/workflows/agents-72-codex-belt-worker.yml b/.github/workflows/agents-72-codex-belt-worker.yml index d87ea746f..8e3662e1c 100644 --- a/.github/workflows/agents-72-codex-belt-worker.yml +++ b/.github/workflows/agents-72-codex-belt-worker.yml @@ -187,7 +187,7 @@ jobs: - name: Determine worker mode id: mode - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const coerce = (value) => { @@ -220,7 +220,7 @@ jobs: - name: Resolve worker context id: ctx - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -286,7 +286,7 @@ jobs: - name: Determine default branch id: base - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -301,7 +301,7 @@ jobs: - name: Check parallel allowance id: parallel - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -336,7 +336,7 @@ jobs: - name: Evaluate keepalive worker gate if: ${{ inputs.keepalive == true }} id: keepalive_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: KEEPALIVE: ${{ inputs.keepalive && 'true' || 'false' }} ISSUE_NUMBER: ${{ steps.ctx.outputs.issue }} @@ -393,7 +393,7 @@ jobs: - name: Prune merged step branches if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' }} id: prune - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -466,7 +466,7 @@ jobs: - name: Re-verify issue labels if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') }} id: verify - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -487,7 +487,7 @@ jobs: - name: Checkout branch if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ steps.ctx.outputs.branch }} token: ${{ env.GH_BELT_TOKEN }} @@ -851,7 +851,7 @@ jobs: - name: Ensure issue labels reflect in-progress state if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' && steps.verify.outputs.has_in_progress != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -865,7 +865,7 @@ jobs: - name: Remove residual status:ready label if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' && steps.verify.outputs.has_ready == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -882,7 +882,7 @@ jobs: - name: Open or refresh Codex PR if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' }} id: pr - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -935,7 +935,7 @@ jobs: - name: Configure auto-merge strategy if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' && steps.pr.outputs.number }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -967,7 +967,7 @@ jobs: - name: Apply automation labels if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' && steps.pr.outputs.number }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -982,7 +982,7 @@ jobs: - name: Ensure PR assignees include automation if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' && steps.pr.outputs.number }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -1000,7 +1000,7 @@ jobs: - name: Post activation comment if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' && steps.pr.outputs.number && inputs.keepalive != true }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | @@ -1042,7 +1042,7 @@ jobs: - name: Sync issue comment with PR link if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') && steps.mode.outputs.dry_run != 'true' && steps.pr.outputs.number }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_BELT_TOKEN }} script: | diff --git a/.github/workflows/agents-73-codex-belt-conveyor.yml b/.github/workflows/agents-73-codex-belt-conveyor.yml index ed7794a3f..7f8cb07a4 100644 --- a/.github/workflows/agents-73-codex-belt-conveyor.yml +++ b/.github/workflows/agents-73-codex-belt-conveyor.yml @@ -153,7 +153,7 @@ jobs: - name: Summarise invocation id: summary - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const summary = core.summary; @@ -212,7 +212,7 @@ jobs: - name: Load PR details id: pr - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_CONVEYOR_TOKEN }} script: | @@ -251,7 +251,7 @@ jobs: - name: Ensure Gate succeeded id: gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_CONVEYOR_TOKEN }} script: | @@ -270,7 +270,7 @@ jobs: - name: Detect bootstrap-only placeholder change id: bootstrap - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_CONVEYOR_TOKEN }} script: | @@ -335,7 +335,7 @@ jobs: - name: Merge PR with squash if: ${{ steps.mode.outputs.dry_run != 'true' && steps.bootstrap.outputs.bootstrap != 'true' }} id: merge - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_CONVEYOR_TOKEN }} script: | @@ -350,7 +350,7 @@ jobs: - name: Delete branch after merge if: ${{ steps.mode.outputs.dry_run != 'true' && steps.bootstrap.outputs.bootstrap != 'true' && steps.merge.outputs.merged == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_CONVEYOR_TOKEN }} script: | @@ -364,7 +364,7 @@ jobs: - name: Close source issue if: ${{ steps.mode.outputs.dry_run != 'true' && steps.bootstrap.outputs.bootstrap != 'true' && steps.merge.outputs.merged == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_CONVEYOR_TOKEN }} script: | @@ -394,7 +394,7 @@ jobs: - name: Leave merge confirmation on PR if: ${{ steps.mode.outputs.dry_run != 'true' && steps.bootstrap.outputs.bootstrap != 'true' && steps.merge.outputs.merged == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_CONVEYOR_TOKEN }} script: | @@ -416,7 +416,7 @@ jobs: - name: Re-dispatch dispatcher if: ${{ steps.mode.outputs.dry_run != 'true' && steps.bootstrap.outputs.bootstrap != 'true' && steps.merge.outputs.merged == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ env.GH_CONVEYOR_TOKEN }} script: | diff --git a/.github/workflows/agents-autofix-loop.yml b/.github/workflows/agents-autofix-loop.yml index f0dd7fb89..54fc3ea56 100644 --- a/.github/workflows/agents-autofix-loop.yml +++ b/.github/workflows/agents-autofix-loop.yml @@ -39,7 +39,7 @@ jobs: security_reason: ${{ steps.security_gate.outputs.reason }} steps: - name: Checkout (for security gate) - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts/prompt_injection_guard.js @@ -47,7 +47,7 @@ jobs: - name: Security gate - prompt injection guard id: security_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -102,7 +102,7 @@ jobs: - name: Evaluate workflow_run id: evaluate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const run = context.payload.workflow_run; @@ -350,7 +350,7 @@ jobs: environment: agent-standard steps: - name: Add needs-human label and comment - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const prNumber = Number('${{ needs.prepare.outputs.pr_number }}'); @@ -404,7 +404,7 @@ jobs: steps: - name: Collect metrics id: collect - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/agents-bot-comment-handler.yml b/.github/workflows/agents-bot-comment-handler.yml index 534106cad..d6771e32d 100644 --- a/.github/workflows/agents-bot-comment-handler.yml +++ b/.github/workflows/agents-bot-comment-handler.yml @@ -61,7 +61,7 @@ jobs: steps: - name: Resolve PR number and check conditions id: resolve - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const eventName = context.eventName; @@ -162,7 +162,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Remove trigger label - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | try { diff --git a/.github/workflows/agents-guard.yml b/.github/workflows/agents-guard.yml index 7a3e22585..0a96eb24c 100644 --- a/.github/workflows/agents-guard.yml +++ b/.github/workflows/agents-guard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout base ref for safety validation if: github.event_name == 'pull_request_target' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.base.sha }} sparse-checkout: | @@ -42,7 +42,7 @@ jobs: - name: Verify pull_request_target safety invariants if: github.event_name == 'pull_request_target' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const path = require('path'); @@ -58,7 +58,7 @@ jobs: - name: Checkout PR head for pull_request event if: github.event_name == 'pull_request' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts/agents-guard.js @@ -66,7 +66,7 @@ jobs: - name: Evaluate protected file changes id: evaluate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const fs = require('fs'); @@ -281,7 +281,7 @@ jobs: - name: Post guard failure comment if: steps.evaluate.outputs.blocked == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: COMMENT_BODY_B64: ${{ steps.evaluate.outputs.comment_body_b64 }} COMMENT_MARKER: ${{ steps.evaluate.outputs.marker }} @@ -399,7 +399,7 @@ jobs: - name: Report agents guard commit status if: always() - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: BLOCKED: ${{ steps.evaluate.outputs.blocked || 'false' }} SUMMARY: ${{ steps.evaluate.outputs.summary }} diff --git a/.github/workflows/agents-keepalive-branch-sync.yml b/.github/workflows/agents-keepalive-branch-sync.yml index 4cf5d58c3..4e00d96d7 100644 --- a/.github/workflows/agents-keepalive-branch-sync.yml +++ b/.github/workflows/agents-keepalive-branch-sync.yml @@ -105,7 +105,7 @@ jobs: printf 'Selected token source: %s\n' "$token_source" - name: Checkout PR head - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: ${{ inputs.head_repository || github.repository }} ref: ${{ inputs.head_ref }} diff --git a/.github/workflows/agents-keepalive-dispatch-handler.yml b/.github/workflows/agents-keepalive-dispatch-handler.yml index 6c29de343..7505ad87b 100644 --- a/.github/workflows/agents-keepalive-dispatch-handler.yml +++ b/.github/workflows/agents-keepalive-dispatch-handler.yml @@ -91,7 +91,7 @@ jobs: esac - name: Checkout keepalive scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: token: ${{ env.GH_TOKEN }} sparse-checkout: | @@ -101,7 +101,7 @@ jobs: - name: Process keepalive remediation id: process - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: DISPATCH_EVENT_TYPE: codex-pr-comment-command SYNC_LABEL: agents:sync-required diff --git a/.github/workflows/agents-keepalive-loop.yml b/.github/workflows/agents-keepalive-loop.yml index 97832323a..829cb7507 100644 --- a/.github/workflows/agents-keepalive-loop.yml +++ b/.github/workflows/agents-keepalive-loop.yml @@ -47,14 +47,14 @@ jobs: security_reason: ${{ steps.security_gate.outputs.reason }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Capture timestamps id: timestamps run: echo "start_ts=$(date -u +%s)" >> "$GITHUB_OUTPUT" - name: Security gate - prompt injection guard id: security_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -105,7 +105,7 @@ jobs: - name: Evaluate keepalive state id: evaluate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -182,10 +182,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Update summary with running status - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -249,7 +249,7 @@ jobs: environment: agent-standard steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Emit keepalive metrics id: keepalive-metrics @@ -328,7 +328,7 @@ jobs: - name: Auto-reconcile task checkboxes if: needs.run-codex.outputs.changes-made == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -362,7 +362,7 @@ jobs: core.setOutput('reconciliation_details', result.details); - name: Update summary comment - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: CODEX_SUMMARY: ${{ needs.run-codex.outputs.final-message-summary || '' }} with: diff --git a/.github/workflows/agents-moderate-connector.yml b/.github/workflows/agents-moderate-connector.yml index 8f1d838e8..2178aefff 100644 --- a/.github/workflows/agents-moderate-connector.yml +++ b/.github/workflows/agents-moderate-connector.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Evaluate comment for moderation id: evaluate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -180,7 +180,7 @@ jobs: - name: Delete connector comment if: steps.evaluate.outputs.delete == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: COMMENT_ID: ${{ steps.evaluate.outputs.comment_id }} with: diff --git a/.github/workflows/agents-pr-meta-v4.yml b/.github/workflows/agents-pr-meta-v4.yml index b2008b1e1..2063242ea 100644 --- a/.github/workflows/agents-pr-meta-v4.yml +++ b/.github/workflows/agents-pr-meta-v4.yml @@ -78,10 +78,10 @@ jobs: agent_alias: ${{ steps.pre_gate.outputs.agent_alias }} head_sha: ${{ steps.pre_gate.outputs.head_sha }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Evaluate keepalive pre-gate id: pre_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { evaluateKeepaliveGate } = require('./.github/scripts/keepalive_gate.js'); @@ -102,7 +102,7 @@ jobs: - name: Evaluate keepalive comment id: detect - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ALLOWED_LOGINS: stranske KEEPALIVE_MARKER: '' @@ -119,7 +119,7 @@ jobs: name: Dispatch keepalive orchestrator runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Mint GitHub App token (preferred) id: app_token @@ -130,7 +130,7 @@ jobs: private-key: ${{ secrets.WORKFLOWS_APP_PRIVATE_KEY }} - name: Run orchestrator - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ steps.app_token.outputs.token || secrets.ACTIONS_BOT_PAT || secrets.SERVICE_BOT_PAT || secrets.AGENTS_AUTOMATION_PAT || github.token }} script: | @@ -168,7 +168,7 @@ jobs: steps: - name: Resolve Gate pull request context id: resolve - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const prs = context.payload?.workflow_run?.pull_requests || []; @@ -184,10 +184,10 @@ jobs: name: Resume keepalive after Gate runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Evaluate keepalive gate id: gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { evaluateKeepaliveGate } = require('./.github/scripts/keepalive_gate.js'); @@ -220,7 +220,7 @@ jobs: - name: Detect keepalive from activation id: detect if: steps.gate.outputs.ok == 'true' && steps.gate.outputs.activation_comment != '' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ALLOWED_LOGINS: stranske ACTIVATION_COMMENT: ${{ steps.gate.outputs.activation_comment }} @@ -248,7 +248,7 @@ jobs: - name: Run orchestrator from gate if: steps.gate.outputs.ok == 'true' && steps.detect.outputs.dispatch == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ steps.app_token_gate.outputs.token || secrets.ACTIONS_BOT_PAT || secrets.SERVICE_BOT_PAT || secrets.AGENTS_AUTOMATION_PAT || github.token }} script: | @@ -296,7 +296,7 @@ jobs: name: Upsert PR body sections runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Mint GitHub App token (preferred) id: app_token @@ -307,7 +307,7 @@ jobs: private-key: ${{ secrets.WORKFLOWS_APP_PRIVATE_KEY }} - name: Update PR body - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ steps.app_token.outputs.token || secrets.AGENTS_AUTOMATION_PAT || secrets.ACTIONS_BOT_PAT || secrets.SERVICE_BOT_PAT || github.token }} script: | diff --git a/.github/workflows/agents-verifier.yml b/.github/workflows/agents-verifier.yml index 5f69074f3..74188c8aa 100644 --- a/.github/workflows/agents-verifier.yml +++ b/.github/workflows/agents-verifier.yml @@ -21,13 +21,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Wait for CI workflows to complete id: wait_ci - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -100,7 +100,7 @@ jobs: - name: Build verifier context id: context - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -282,7 +282,7 @@ jobs: - name: Open follow-up issue on verifier failure id: failure_issue if: steps.context.outputs.should_run == 'true' && steps.verdict.outputs.verdict == 'fail' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_URL: ${{ steps.context.outputs.pr_html_url }} RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} diff --git a/.github/workflows/agents-weekly-metrics.yml b/.github/workflows/agents-weekly-metrics.yml index b00e8063d..1b6188415 100644 --- a/.github/workflows/agents-weekly-metrics.yml +++ b/.github/workflows/agents-weekly-metrics.yml @@ -17,7 +17,7 @@ jobs: environment: agent-standard steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -60,7 +60,7 @@ jobs: retention-days: 30 - name: Post summary to tracking issue - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/archived/maint-63-ensure-environments.yml b/.github/workflows/archived/maint-63-ensure-environments.yml index 460f296ce..28caf3c3d 100644 --- a/.github/workflows/archived/maint-63-ensure-environments.yml +++ b/.github/workflows/archived/maint-63-ensure-environments.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Ensure environments exist with protections - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const owner = context.repo.owner; diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index 143cc1357..bb2b7a34b 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -36,14 +36,14 @@ jobs: caller_actor: ${{ steps.context.outputs.caller_actor }} steps: - name: Checkout for API helpers - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: .github/scripts sparse-checkout-cone-mode: false - name: Resolve PR context id: context - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const path = require('path'); diff --git a/.github/workflows/health-40-repo-selfcheck.yml b/.github/workflows/health-40-repo-selfcheck.yml index 046918d84..670d33a15 100644 --- a/.github/workflows/health-40-repo-selfcheck.yml +++ b/.github/workflows/health-40-repo-selfcheck.yml @@ -21,7 +21,7 @@ jobs: name: Repository health summary runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Prepare branch protection token id: branch-token @@ -49,7 +49,7 @@ jobs: - name: Determine default branch id: default-branch - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ github.token }} script: | @@ -108,7 +108,7 @@ jobs: - name: Collect repository signals id: collect - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: REQUIRED_LABELS: agent:codex,agent:copilot,automerge,risk:low,codex-ready BRANCH_PROTECTION_TOKEN: ${{ steps.branch-token.outputs.token }} @@ -726,7 +726,7 @@ jobs: - name: Update failure tracker issue if: ${{ steps.aggregate.outputs.has_errors == 'true' || steps.aggregate.outputs.has_warnings == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ISSUE_BODY: ${{ steps.aggregate.outputs.issue_body }} with: @@ -809,7 +809,7 @@ jobs: - name: Close failure tracker issue if: ${{ steps.aggregate.outputs.has_errors != 'true' && steps.aggregate.outputs.has_warnings != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ github.token }} script: | @@ -842,7 +842,7 @@ jobs: - name: Update repo health snapshot issue if: ${{ env.HAS_ADMIN_TOKEN == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ISSUE_BODY_PATH: repo-health-issue.md with: @@ -968,7 +968,7 @@ jobs: - name: Publish PR checklist comment if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.pull_request_number != '' && steps.aggregate.outputs.comment_body != '' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ github.event.inputs.pull_request_number }} COMMENT_BODY: ${{ steps.aggregate.outputs.comment_body }} diff --git a/.github/workflows/health-41-repo-health.yml b/.github/workflows/health-41-repo-health.yml index 9a0d14779..c93a5b737 100644 --- a/.github/workflows/health-41-repo-health.yml +++ b/.github/workflows/health-41-repo-health.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Check API quota id: check - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: # Higher threshold than orchestrator (1000) so keepalive runs first RATE_LIMIT_THRESHOLD: '2000' @@ -64,7 +64,7 @@ jobs: steps: - name: Summarise repository health signals id: summarise - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | // Note: 'core' is already provided by github-script, no require needed @@ -274,7 +274,7 @@ jobs: core.info('Repository health summary written to workflow run.'); - name: Verify default branch protection - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: DEFAULT_BRANCH: ${{ steps.summarise.outputs.default-branch }} with: diff --git a/.github/workflows/health-42-actionlint.yml b/.github/workflows/health-42-actionlint.yml index 1d315062c..d6ca64cef 100644 --- a/.github/workflows/health-42-actionlint.yml +++ b/.github/workflows/health-42-actionlint.yml @@ -40,7 +40,7 @@ jobs: else echo "reporter=github-check" >> "$GITHUB_OUTPUT" fi - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Compute actionlint allowlist id: allowlist diff --git a/.github/workflows/health-43-ci-signature-guard.yml b/.github/workflows/health-43-ci-signature-guard.yml index e06af705b..bc3983356 100644 --- a/.github/workflows/health-43-ci-signature-guard.yml +++ b/.github/workflows/health-43-ci-signature-guard.yml @@ -18,7 +18,7 @@ jobs: verify-signature: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: actions/setup-python@v5 with: python-version: '3.11' diff --git a/.github/workflows/health-44-gate-branch-protection.yml b/.github/workflows/health-44-gate-branch-protection.yml index 96da2c001..6aace9476 100644 --- a/.github/workflows/health-44-gate-branch-protection.yml +++ b/.github/workflows/health-44-gate-branch-protection.yml @@ -24,11 +24,11 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Determine default branch id: default-branch - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)); diff --git a/.github/workflows/health-50-security-scan.yml b/.github/workflows/health-50-security-scan.yml index 00f3b8874..e0af397a1 100644 --- a/.github/workflows/health-50-security-scan.yml +++ b/.github/workflows/health-50-security-scan.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Initialize CodeQL uses: github/codeql-action/init@v4 diff --git a/.github/workflows/health-67-integration-sync-check.yml b/.github/workflows/health-67-integration-sync-check.yml index 1ee117f00..074fa5d9d 100644 --- a/.github/workflows/health-67-integration-sync-check.yml +++ b/.github/workflows/health-67-integration-sync-check.yml @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Workflows repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: workflows @@ -149,7 +149,7 @@ jobs: - name: Create drift issue if: ${{ failure() || steps.compare-ci.outputs.drift == 'true' || steps.compare-versions.outputs.drift == 'true' || steps.compare-inputs.outputs.drift == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const title = '🔄 Integration-Tests sync drift detected'; diff --git a/.github/workflows/health-70-validate-sync-manifest.yml b/.github/workflows/health-70-validate-sync-manifest.yml index 99f1dc867..d2fc1130e 100644 --- a/.github/workflows/health-70-validate-sync-manifest.yml +++ b/.github/workflows/health-70-validate-sync-manifest.yml @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -189,7 +189,7 @@ jobs: - name: Comment on PR if: failure() && github.event_name == 'pull_request' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const body = `## ❌ Sync Manifest Validation Failed diff --git a/.github/workflows/health-codex-auth-check.yml b/.github/workflows/health-codex-auth-check.yml index 1c5464375..bc0bc7a95 100644 --- a/.github/workflows/health-codex-auth-check.yml +++ b/.github/workflows/health-codex-auth-check.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Check for existing open issue id: existing - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const issues = await github.rest.issues.listForRepo({ @@ -120,7 +120,7 @@ jobs: - name: Create expiration warning issue if: steps.check.outputs.status == 'expiring-soon' || steps.check.outputs.status == 'expired' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const status = '${{ steps.check.outputs.status }}'; diff --git a/.github/workflows/maint-45-cosmetic-repair.yml b/.github/workflows/maint-45-cosmetic-repair.yml index f46b60f94..f746de807 100644 --- a/.github/workflows/maint-45-cosmetic-repair.yml +++ b/.github/workflows/maint-45-cosmetic-repair.yml @@ -32,7 +32,7 @@ jobs: BASE_BRANCH: ${{ inputs['base-branch'] }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ env.BASE_BRANCH }} diff --git a/.github/workflows/maint-46-post-ci.yml b/.github/workflows/maint-46-post-ci.yml index 00a235b15..d5f5ddc9f 100644 --- a/.github/workflows/maint-46-post-ci.yml +++ b/.github/workflows/maint-46-post-ci.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Check Gate summary completion id: gate_guard - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const run = context.payload.workflow_run; @@ -84,7 +84,7 @@ jobs: - name: Checkout helpers if: ${{ steps.gate_guard.outputs.recover == 'true' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -94,7 +94,7 @@ jobs: - name: Discover Gate workflow runs if: ${{ steps.gate_guard.outputs.recover == 'true' }} id: discover - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { discoverWorkflowRuns } = require('./.github/scripts/maint-post-ci.js'); @@ -230,7 +230,7 @@ jobs: - name: Propagate Gate commit status if: ${{ steps.gate_guard.outputs.recover == 'true' && steps.discover.outputs.head_sha != '' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: HEAD_SHA: ${{ steps.discover.outputs.head_sha }} RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion || '' }} diff --git a/.github/workflows/maint-47-disable-legacy-workflows.yml b/.github/workflows/maint-47-disable-legacy-workflows.yml index bd1c62ca3..6a897fe5e 100644 --- a/.github/workflows/maint-47-disable-legacy-workflows.yml +++ b/.github/workflows/maint-47-disable-legacy-workflows.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Python uses: actions/setup-python@v5 diff --git a/.github/workflows/maint-50-tool-version-check.yml b/.github/workflows/maint-50-tool-version-check.yml index f5c4907e9..04517e4c2 100644 --- a/.github/workflows/maint-50-tool-version-check.yml +++ b/.github/workflows/maint-50-tool-version-check.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -156,7 +156,7 @@ jobs: - name: Create or update issue if: steps.compare.outputs.has_updates == 'true' || github.event.inputs.force_issue == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const fs = require('fs'); diff --git a/.github/workflows/maint-51-dependency-refresh.yml b/.github/workflows/maint-51-dependency-refresh.yml index 59bd837b3..b049b6af2 100644 --- a/.github/workflows/maint-51-dependency-refresh.yml +++ b/.github/workflows/maint-51-dependency-refresh.yml @@ -23,7 +23,7 @@ jobs: BASE_BRANCH: ${{ github.event.repository.default_branch }} steps: - name: Checkout default branch - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ env.BASE_BRANCH }} fetch-depth: 0 diff --git a/.github/workflows/maint-52-sync-dev-versions.yml b/.github/workflows/maint-52-sync-dev-versions.yml index 0052b7241..2105dcd02 100644 --- a/.github/workflows/maint-52-sync-dev-versions.yml +++ b/.github/workflows/maint-52-sync-dev-versions.yml @@ -53,7 +53,7 @@ jobs: versions_hash: ${{ steps.hash.outputs.hash }} steps: - name: Checkout Workflows - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/workflows/autofix-versions.env diff --git a/.github/workflows/maint-52-validate-workflows.yml b/.github/workflows/maint-52-validate-workflows.yml index 5ad6793fb..8282bfbe1 100644 --- a/.github/workflows/maint-52-validate-workflows.yml +++ b/.github/workflows/maint-52-validate-workflows.yml @@ -16,7 +16,7 @@ jobs: timeout-minutes: 5 steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Cache workflow linters id: cache-linters diff --git a/.github/workflows/maint-60-release.yml b/.github/workflows/maint-60-release.yml index f7f7c87ac..68218e17d 100644 --- a/.github/workflows/maint-60-release.yml +++ b/.github/workflows/maint-60-release.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/maint-61-create-floating-v1-tag.yml b/.github/workflows/maint-61-create-floating-v1-tag.yml index f502158cb..15f2ae7d3 100644 --- a/.github/workflows/maint-61-create-floating-v1-tag.yml +++ b/.github/workflows/maint-61-create-floating-v1-tag.yml @@ -18,7 +18,7 @@ jobs: if: github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' || startsWith(github.event.release.tag_name, 'v1.') steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/maint-62-integration-consumer.yml b/.github/workflows/maint-62-integration-consumer.yml index 9fa6ca15e..94e60e753 100644 --- a/.github/workflows/maint-62-integration-consumer.yml +++ b/.github/workflows/maint-62-integration-consumer.yml @@ -90,7 +90,7 @@ jobs: - name: Open or update failure issue if: ${{ needs.scenarios.result != 'success' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { owner, repo } = context.repo; @@ -126,7 +126,7 @@ jobs: - name: Resolve open issue on success if: ${{ needs.scenarios.result == 'success' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { owner, repo } = context.repo; diff --git a/.github/workflows/maint-65-sync-label-docs.yml b/.github/workflows/maint-65-sync-label-docs.yml index e32f60937..c7977984a 100644 --- a/.github/workflows/maint-65-sync-label-docs.yml +++ b/.github/workflows/maint-65-sync-label-docs.yml @@ -31,7 +31,7 @@ jobs: stranske/Template steps: - name: Checkout source - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: docs/LABELS.md sparse-checkout-cone-mode: false diff --git a/.github/workflows/maint-66-monthly-audit.yml b/.github/workflows/maint-66-monthly-audit.yml index 5031bb563..58c4fdcdb 100644 --- a/.github/workflows/maint-66-monthly-audit.yml +++ b/.github/workflows/maint-66-monthly-audit.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Collect workflow statistics id: stats diff --git a/.github/workflows/maint-68-sync-consumer-repos.yml b/.github/workflows/maint-68-sync-consumer-repos.yml index 79b666cd8..7e8158285 100644 --- a/.github/workflows/maint-68-sync-consumer-repos.yml +++ b/.github/workflows/maint-68-sync-consumer-repos.yml @@ -57,7 +57,7 @@ jobs: manifest_json: ${{ steps.manifest.outputs.json }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | templates/consumer-repo @@ -160,7 +160,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -245,7 +245,7 @@ jobs: REPO_TOKEN: ${{ secrets.OWNER_PR_PAT || secrets.SERVICE_BOT_PAT }} steps: - name: Checkout Workflows - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: workflows diff --git a/.github/workflows/maint-69-sync-integration-repo.yml b/.github/workflows/maint-69-sync-integration-repo.yml index a759e283e..fc97ab564 100644 --- a/.github/workflows/maint-69-sync-integration-repo.yml +++ b/.github/workflows/maint-69-sync-integration-repo.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Workflows repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: workflows sparse-checkout: | diff --git a/.github/workflows/maint-coverage-guard.yml b/.github/workflows/maint-coverage-guard.yml index 00cd743aa..8cbfd2f1d 100644 --- a/.github/workflows/maint-coverage-guard.yml +++ b/.github/workflows/maint-coverage-guard.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Check API quota id: check - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: # Higher threshold than orchestrator (1000) so keepalive runs first RATE_LIMIT_THRESHOLD: '2000' @@ -60,11 +60,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Locate latest Gate workflow run id: discover - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/maint-sync-env-from-pyproject.yml b/.github/workflows/maint-sync-env-from-pyproject.yml index 57d40c394..841ba099e 100644 --- a/.github/workflows/maint-sync-env-from-pyproject.yml +++ b/.github/workflows/maint-sync-env-from-pyproject.yml @@ -19,7 +19,7 @@ jobs: sync-env: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Extract versions from pyproject.toml id: extract diff --git a/.github/workflows/pr-00-gate.yml b/.github/workflows/pr-00-gate.yml index 66898127b..35651a880 100644 --- a/.github/workflows/pr-00-gate.yml +++ b/.github/workflows/pr-00-gate.yml @@ -30,7 +30,7 @@ jobs: workflow_changed: ${{ steps.diff.outputs.workflow_changed || 'false' }} steps: - name: Checkout workflow helpers - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} ref: ${{ github.event.pull_request.head.sha || github.sha }} @@ -39,7 +39,7 @@ jobs: sparse-checkout-cone-mode: false - name: Detect changes via API id: diff - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { detectChanges } = require('./.github/scripts/detect-changes.js'); @@ -133,7 +133,7 @@ jobs: if: ${{ needs.detect.outputs.doc_only != 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} ref: ${{ github.event.pull_request.head.sha || github.sha }} @@ -163,7 +163,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} ref: ${{ github.event.pull_request.head.sha || github.sha }} @@ -211,7 +211,7 @@ jobs: autofix_label_skipped: ${{ steps.autofix_label.outputs.skipped_reason || '' }} steps: - name: Checkout workflow helpers - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} ref: ${{ github.event.pull_request.head.sha || github.sha }} @@ -223,7 +223,7 @@ jobs: - name: Handle docs-only change if: needs.detect.outputs.doc_only == 'true' id: docs_only - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: REASON: ${{ needs.detect.outputs.reason || 'docs_only' }} with: @@ -233,7 +233,7 @@ jobs: - name: Ensure docs-only fast-pass comment if: needs.detect.outputs.doc_only == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: COMMENT_BODY: ${{ steps.docs_only.outputs.comment_body }} MARKER: ${{ steps.docs_only.outputs.marker }} @@ -253,7 +253,7 @@ jobs: - name: Remove docs-only fast-pass comment when not needed if: needs.detect.outputs.doc_only != 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: MARKER: ${{ steps.docs_only.outputs.marker }} BASE_MESSAGE: ${{ steps.docs_only.outputs.base_message }} @@ -270,7 +270,7 @@ jobs: }); - name: Discover Gate workflow runs id: gather - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { discoverWorkflowRuns } = require('./.github/scripts/maint-post-ci.js'); @@ -322,7 +322,7 @@ jobs: - name: Compute coverage stats if: needs.detect.outputs.doc_only != 'true' && needs.detect.outputs.coverage == 'true' id: coverage_stats - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: COVERAGE_ROOT: gate_artifacts/downloads with: @@ -379,7 +379,7 @@ jobs: steps.summarize.outputs.state == 'failure' && steps.summarize.outputs.cosmetic_failure == 'true' && !contains(github.event.pull_request.labels.*.name, 'autofix:clean') - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ALLOWED_EXTENSIONS: 'py,pyi' FORMAT_FAILURE: ${{ steps.summarize.outputs.format_failure || 'false' }} @@ -514,7 +514,7 @@ jobs: HEAD_SHA: ${{ steps.gather.outputs.head_sha || github.event.pull_request.head.sha || github.sha }} - name: Append keepalive checklists - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ github.event.pull_request.number }} LABEL_APPLIED: ${{ steps.autofix_label.outputs.applied || 'false' }} @@ -655,7 +655,7 @@ jobs: - name: Ensure consolidated summary comment if: always() - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ github.token }} script: | @@ -677,7 +677,7 @@ jobs: - name: Report Gate commit status if: ${{ always() }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: STATE: ${{ steps.summarize.outputs.state || steps.docs_only.outputs.state || 'pending' }} DESCRIPTION: ${{ steps.summarize.outputs.description || steps.docs_only.outputs.description || 'Gate status pending' }} diff --git a/.github/workflows/pr-11-ci-smoke.yml b/.github/workflows/pr-11-ci-smoke.yml index 8e5468438..e11ea5fe0 100644 --- a/.github/workflows/pr-11-ci-smoke.yml +++ b/.github/workflows/pr-11-ci-smoke.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 # Shallow clone for faster checkout diff --git a/.github/workflows/reusable-10-ci-python.yml b/.github/workflows/reusable-10-ci-python.yml index ef94af819..7e9805b7c 100644 --- a/.github/workflows/reusable-10-ci-python.yml +++ b/.github/workflows/reusable-10-ci-python.yml @@ -320,12 +320,12 @@ jobs: steps: - name: Checkout repository if: ${{ inputs['working-directory'] == '' || inputs['working-directory'] == '.' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 - name: Checkout repository (sparse) if: ${{ inputs['working-directory'] != '' && inputs['working-directory'] != '.' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 sparse-checkout: | @@ -598,12 +598,12 @@ jobs: steps: - name: Checkout repository if: ${{ inputs['working-directory'] == '' || inputs['working-directory'] == '.' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 - name: Checkout repository (sparse) if: ${{ inputs['working-directory'] != '' && inputs['working-directory'] != '.' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 sparse-checkout: | @@ -876,12 +876,12 @@ jobs: steps: - name: Checkout repository if: ${{ inputs['working-directory'] == '' || inputs['working-directory'] == '.' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 - name: Checkout repository (sparse) if: ${{ inputs['working-directory'] != '' && inputs['working-directory'] != '.' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 sparse-checkout: | @@ -1213,12 +1213,12 @@ jobs: steps: - name: Checkout repository if: ${{ inputs['working-directory'] == '' || inputs['working-directory'] == '.' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 # Shallow clone for faster checkout - name: Checkout repository (sparse) if: ${{ inputs['working-directory'] != '' && inputs['working-directory'] != '.' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 # Shallow clone for faster checkout sparse-checkout: | @@ -2037,7 +2037,7 @@ jobs: PY - name: Summarize workflow jobs - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { owner, repo } = context.repo; diff --git a/.github/workflows/reusable-11-ci-node.yml b/.github/workflows/reusable-11-ci-node.yml index 358b621e3..e9d0ab645 100644 --- a/.github/workflows/reusable-11-ci-node.yml +++ b/.github/workflows/reusable-11-ci-node.yml @@ -200,7 +200,7 @@ jobs: PROJECT_ROOT: ${{ inputs['working-directory'] != '' && inputs['working-directory'] != '.' && format('{0}/{1}', github.workspace, inputs['working-directory']) || github.workspace }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/reusable-12-ci-docker.yml b/.github/workflows/reusable-12-ci-docker.yml index be13fd859..40bb3b9fd 100644 --- a/.github/workflows/reusable-12-ci-docker.yml +++ b/.github/workflows/reusable-12-ci-docker.yml @@ -22,7 +22,7 @@ jobs: HEALTH_PATH: ${{ vars.HEALTH_PATH || '/_stcore/health' }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/reusable-16-agents.yml b/.github/workflows/reusable-16-agents.yml index 5b76a8368..3523f9b45 100644 --- a/.github/workflows/reusable-16-agents.yml +++ b/.github/workflows/reusable-16-agents.yml @@ -140,7 +140,7 @@ jobs: steps: - name: Probe assignable actors id: gql - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { owner, repo } = context.repo; @@ -150,7 +150,7 @@ jobs: core.setOutput('actors', JSON.stringify(actors)); - name: Create temp issue id: tmp - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { owner, repo } = context.repo; @@ -163,7 +163,7 @@ jobs: AGENTS_REQ: ${{ inputs.readiness_agents }} CUSTOM_LOGINS: ${{ inputs.readiness_custom_logins }} REQUIRE_ALL: ${{ inputs.require_all }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const num = Number(core.getInput('issue_number') || process.env.ISSUE_NUM || '${{ steps.tmp.outputs.num }}'); @@ -206,7 +206,7 @@ jobs: } - name: Close temp if: always() - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { owner, repo } = context.repo; await github.rest.issues.update({ owner, repo, issue_number: Number('${{ steps.tmp.outputs.num }}'), state: 'closed' }); @@ -231,7 +231,7 @@ jobs: timeout-minutes: 15 steps: - name: Preflight probe - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: CODEX_USER: ${{ inputs.codex_user }} CODEX_COMMAND: ${{ inputs.codex_command_phrase }} @@ -252,7 +252,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Token / Env Probe shell: bash env: @@ -294,7 +294,7 @@ jobs: timeout-minutes: 10 steps: - name: Append verify assignment results - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: STATUS: ${{ needs.verify_issue.outputs.status || '' }} MESSAGE: ${{ needs.verify_issue.outputs.message || '' }} @@ -371,10 +371,10 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Find Ready Issues id: ready - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: LABEL: ${{ inputs.bootstrap_issues_label }} DRY_RUN: ${{ inputs.dry_run }} @@ -581,7 +581,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Basic Repo Sanity run: | test -f pyproject.toml || { echo 'pyproject.toml missing'; exit 1; } @@ -602,12 +602,12 @@ jobs: steps: # Dual checkout pattern: consumer repo for context, Workflows repo for scripts - name: Checkout consumer repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 path: consumer - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -637,7 +637,7 @@ jobs: exit 1 - name: Verify keepalive identity if: ${{ env.SERVICE_BOT_PAT != '' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.service_bot_pat }} script: | @@ -658,7 +658,7 @@ jobs: trace="$(python -c 'import secrets, time; print(f"{int(time.time())}-{secrets.token_hex(4)}")')" printf 'KEEPALIVE_TRACE=%s\n' "$trace" >> "$GITHUB_ENV" - name: Resume Codex on unattended checklists - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: OPTIONS_JSON: ${{ inputs.options_json }} DRY_RUN: ${{ inputs.dry_run }} @@ -687,7 +687,7 @@ jobs: timeout-minutes: 10 steps: - name: Collate job outcomes - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ENABLE_READINESS: ${{ inputs.enable_readiness }} ENABLE_PREFLIGHT: ${{ inputs.enable_preflight }} diff --git a/.github/workflows/reusable-18-autofix.yml b/.github/workflows/reusable-18-autofix.yml index 4549b6626..4b7b8844b 100644 --- a/.github/workflows/reusable-18-autofix.yml +++ b/.github/workflows/reusable-18-autofix.yml @@ -233,7 +233,7 @@ jobs: # Dual checkout pattern: Workflows scripts as supplement to consumer repo - name: Checkout Workflows scripts (for autofix utilities) - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -248,7 +248,7 @@ jobs: echo "WORKFLOWS_SCRIPTS_PATH=${GITHUB_WORKSPACE}/workflows-lib" >> "$GITHUB_ENV" - name: Checkout PR HEAD - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ env.PR_HEAD_REF || github.ref }} fetch-depth: 0 @@ -296,7 +296,7 @@ jobs: - name: Ensure autofix label present if: steps.guard.outputs.skip != 'true' && steps.same_repo.outputs.same == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} OPT_IN_LABEL: ${{ inputs.opt_in_label }} @@ -331,7 +331,7 @@ jobs: - name: Detect clean mode if: steps.guard.outputs.skip != 'true' id: clean_mode - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const pr = context.payload.pull_request; @@ -782,7 +782,7 @@ jobs: - name: Label PR (autofix patch available) if: steps.guard.outputs.skip != 'true' && steps.fix_results.outputs.changed == 'true' && env.AUTOFIX_CAN_PUSH != 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} OPT_IN_LABEL: ${{ inputs.opt_in_label }} @@ -885,7 +885,7 @@ jobs: - name: Manage autofix outcome labels if: steps.guard.outputs.skip != 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: AUTO_CHANGED: ${{ steps.fix_results.outputs.changed }} SAME_REPO: ${{ steps.same_repo.outputs.same }} @@ -1110,7 +1110,7 @@ jobs: - name: Checkout Workflows for PR comment action if: steps.guard.outputs.skip != 'true' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows sparse-checkout: | @@ -1131,7 +1131,7 @@ jobs: - name: Upsert consolidated PR comment if: steps.guard.outputs.skip != 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} with: @@ -1157,7 +1157,7 @@ jobs: - name: Upsert clean-mode file summary comment if: steps.guard.outputs.skip != 'true' && steps.clean_mode.outputs.enabled == 'true' && steps.fix_results.outputs.changed == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} FILE_LIST: ${{ steps.fix_results.outputs.file_list }} @@ -1192,7 +1192,7 @@ jobs: - name: Upsert safe sweep file summary comment if: steps.guard.outputs.skip != 'true' && steps.clean_mode.outputs.enabled != 'true' && steps.fix_results.outputs.changed == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} FILE_LIST: ${{ steps.fix_results.outputs.file_list }} @@ -1224,7 +1224,7 @@ jobs: - name: Regression detector (same-repo) if: steps.guard.outputs.skip != 'true' && steps.same_repo.outputs.same == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const fs = require('fs'); diff --git a/.github/workflows/reusable-20-pr-meta.yml b/.github/workflows/reusable-20-pr-meta.yml index 0dd86424b..b9d97fac6 100644 --- a/.github/workflows/reusable-20-pr-meta.yml +++ b/.github/workflows/reusable-20-pr-meta.yml @@ -104,13 +104,13 @@ jobs: steps: # Dual checkout pattern: consumer repo for context, Workflows repo for scripts - name: Checkout consumer repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 1 path: consumer - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -128,7 +128,7 @@ jobs: - name: Evaluate keepalive pre-gate id: pre_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} COMMENT_ID: ${{ inputs.comment_id }} @@ -157,7 +157,7 @@ jobs: - name: Evaluate keepalive comment id: detect - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ALLOWED_LOGINS: ${{ inputs.allowed_keepalive_logins }} KEEPALIVE_MARKER: ${{ inputs.keepalive_marker }} @@ -184,7 +184,7 @@ jobs: AGENTS_AUTOMATION_PAT: ${{ secrets.AGENTS_AUTOMATION_PAT || '' }} steps: - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -207,7 +207,7 @@ jobs: private-key: ${{ secrets.WORKFLOWS_APP_PRIVATE_KEY }} - name: Run orchestrator - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: INSTRUCTION_BODY: ${{ needs.keepalive_dispatch.outputs.instruction_body }} with: @@ -243,7 +243,7 @@ jobs: if: inputs.event_name == 'pull_request' steps: - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -258,7 +258,7 @@ jobs: echo "WORKFLOWS_SCRIPTS_PATH=${GITHUB_WORKSPACE}/workflows-lib" >> "$GITHUB_ENV" - name: Upsert PR body sections - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} DRY_RUN: ${{ inputs.dry_run }} diff --git a/.github/workflows/reusable-70-orchestrator-init.yml b/.github/workflows/reusable-70-orchestrator-init.yml index 0bb567289..6d135fb8b 100644 --- a/.github/workflows/reusable-70-orchestrator-init.yml +++ b/.github/workflows/reusable-70-orchestrator-init.yml @@ -114,7 +114,7 @@ jobs: reset_time: ${{ steps.check.outputs.reset_time || '' }} steps: - name: Checkout API helpers - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -123,7 +123,7 @@ jobs: - name: Check GitHub API rate limit id: check - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: RATE_LIMIT_THRESHOLD: '1000' with: @@ -173,7 +173,7 @@ jobs: steps: - name: Count agent issues id: precheck - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: INPUT_KEEPALIVE_ENABLED: ${{ inputs.keepalive_enabled }} INPUT_PR_NUMBER: ${{ inputs.pr_number }} @@ -318,7 +318,7 @@ jobs: - name: Probe keepalive token identity if: steps.select.outcome == 'success' && steps.select.outputs.token != 'APP_TOKEN' id: probe_token_identity - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ steps.select.outputs.token == 'ACTIONS_BOT_PAT' && secrets.ACTIONS_BOT_PAT || secrets.SERVICE_BOT_PAT }} script: | @@ -403,7 +403,7 @@ jobs: keepalive_pr: ${{ steps.resolve.outputs.keepalive_pr }} steps: - name: Confirm default-branch execution context - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const ref = context.ref || ''; @@ -416,7 +416,7 @@ jobs: } - name: Bootstrap checkout resolver - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: helpers sparse-checkout: | @@ -426,7 +426,7 @@ jobs: - name: Resolve workflow_run checkout source id: checkout_source - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { resolveCheckoutSource } = require('./helpers/.github/scripts/checkout_source.js'); @@ -440,7 +440,7 @@ jobs: warnings.forEach((warning) => core.warning(warning)); - name: Checkout orchestrator scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: ${{ steps.checkout_source.outputs.repository || github.repository }} ref: ${{ steps.checkout_source.outputs.ref || github.sha }} @@ -451,7 +451,7 @@ jobs: - name: Resolve dispatch parameters id: resolve - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PARAMS_JSON: ${{ inputs.params_json }} WORKFLOW_DRY_RUN: ${{ inputs.dry_run }} diff --git a/.github/workflows/reusable-70-orchestrator-main.yml b/.github/workflows/reusable-70-orchestrator-main.yml index 94677f55c..11422517f 100644 --- a/.github/workflows/reusable-70-orchestrator-main.yml +++ b/.github/workflows/reusable-70-orchestrator-main.yml @@ -131,7 +131,7 @@ jobs: private-key: ${{ secrets.WORKFLOWS_APP_PRIVATE_KEY }} - name: Checkout guard helpers - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -139,7 +139,7 @@ jobs: fetch-depth: 1 - name: Evaluate keepalive prerequisites id: guard - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: KEEPALIVE_ENABLED: ${{ inputs.enable_keepalive }} KEEPALIVE_TRACE: ${{ inputs.keepalive_trace }} @@ -216,7 +216,7 @@ jobs: cap: ${{ steps.cap.outputs.cap || '' }} steps: - name: Checkout run cap helpers - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -225,7 +225,7 @@ jobs: - name: Evaluate orchestrator run cap id: cap - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.keepalive_pr || '' }} ENABLE_KEEPALIVE: ${{ inputs.enable_keepalive || 'false' }} @@ -317,7 +317,7 @@ jobs: steps: - name: Resolve PR number and agent alias id: resolve - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -461,7 +461,7 @@ jobs: head_repo: ${{ steps.snapshot.outputs.head_repo || '' }} steps: - name: Checkout orchestrator scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -479,7 +479,7 @@ jobs: - name: Prepare keepalive instruction id: prepare - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.keepalive_pr }} ROUND_HINT: ${{ inputs.keepalive_round }} @@ -822,7 +822,7 @@ jobs: core.setOutput('scope_tasks_acceptance', instruction); - name: Capture keepalive head snapshot id: snapshot - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ steps.prepare.outputs.pr_number }} with: @@ -855,7 +855,7 @@ jobs: - name: Persist keepalive head snapshot if: steps.snapshot.outputs.head != '' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ steps.prepare.outputs.pr_number }} TRACE: ${{ steps.prepare.outputs.trace }} @@ -889,7 +889,7 @@ jobs: - name: Render keepalive instruction body id: render_instruction_body - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ROUND_DISPLAY: ${{ steps.prepare.outputs.round || '(unknown)' }} TRACE_DISPLAY: ${{ steps.prepare.outputs.trace || '(missing)' }} @@ -963,7 +963,7 @@ jobs: - name: Extract instruction payload id: extract_instruction_segment - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: COMMENT_BODY: ${{ steps.render_instruction_body.outputs.body }} with: @@ -1097,7 +1097,7 @@ jobs: steps: - name: Detect existing PR for issue branch id: lookup - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: KEEPALIVE_ENABLED: ${{ inputs.enable_keepalive }} with: @@ -1229,7 +1229,7 @@ jobs: - name: Dispatch keepalive branch sync id: dispatch - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: WORKFLOW_ID: agents-keepalive-branch-sync.yml TARGET_REF: ${{ github.event.repository.default_branch }} @@ -1315,7 +1315,7 @@ jobs: - name: Await branch-sync completion id: await - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: WORKFLOW_ID: agents-keepalive-branch-sync.yml REF: ${{ steps.dispatch.outputs.ref }} @@ -1406,7 +1406,7 @@ jobs: - name: Check staging PR head id: head_check - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ needs.keepalive-prep.outputs.pr_number }} BASELINE_HEAD: ${{ needs.keepalive-prep.outputs.baseline_head }} @@ -1518,7 +1518,7 @@ jobs: fi - name: Checkout orchestrator scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -1527,7 +1527,7 @@ jobs: - name: Reconcile keepalive branch state id: reconcile - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: TRACE: ${{ needs.keepalive-prep.outputs.trace }} ROUND: ${{ needs.keepalive-prep.outputs.round }} @@ -1674,7 +1674,7 @@ jobs: - name: Checkout orchestrator scripts if: steps.gate.outputs.should_post == 'true' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -1739,7 +1739,7 @@ jobs: - name: Post keepalive instruction (App token preferred) id: post_instruction_app if: steps.gate.outputs.should_post == 'true' && steps.author_token.outputs.token == 'APP_TOKEN' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ needs.keepalive-prep.outputs.pr_number }} COMMENT_BODY: ${{ needs.keepalive-prep.outputs.body }} @@ -1770,7 +1770,7 @@ jobs: - name: Post keepalive instruction (as stranske if possible) id: post_instruction_primary if: steps.gate.outputs.should_post == 'true' && steps.author_token.outputs.token == 'ACTIONS_BOT_PAT' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ needs.keepalive-prep.outputs.pr_number }} COMMENT_BODY: ${{ needs.keepalive-prep.outputs.body }} @@ -1801,7 +1801,7 @@ jobs: - name: Post keepalive instruction (fallback) id: post_instruction_fallback if: steps.gate.outputs.should_post == 'true' && steps.author_token.outputs.token == 'SERVICE_BOT_PAT' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ needs.keepalive-prep.outputs.pr_number }} COMMENT_BODY: ${{ needs.keepalive-prep.outputs.body }} @@ -1877,7 +1877,7 @@ jobs: - name: Ack keepalive instruction id: ack if: steps.gate.outputs.should_post == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ needs.keepalive-prep.outputs.pr_number }} COMMENT_ID: ${{ steps.capture_comment.outputs.comment_id }} @@ -2006,7 +2006,7 @@ jobs: - name: Emit fallback dispatch if: steps.gate.outputs.should_post == 'true' && steps.ack.outputs.acknowledged != 'true' && needs.keepalive-prep.outputs.actions_available == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ needs.keepalive-prep.outputs.pr_number }} COMMENT_ID: ${{ steps.capture_comment.outputs.comment_id }} @@ -2098,7 +2098,7 @@ jobs: - name: Post fallback comment if: steps.gate.outputs.should_post == 'true' && steps.ack.outputs.acknowledged != 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ needs.keepalive-prep.outputs.pr_number }} ROUND: ${{ needs.keepalive-prep.outputs.round }} @@ -2323,7 +2323,7 @@ jobs: # Do not remove checkout; local helper is required. - name: Checkout orchestrator scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -2331,7 +2331,7 @@ jobs: fetch-depth: 1 - name: Append dispatch summary - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: DISPATCH_RESULT: ${{ needs.belt-dispatch.result || '' }} DISPATCH_ISSUE: ${{ needs.belt-dispatch.outputs.issue || '' }} @@ -2353,7 +2353,7 @@ jobs: if: | needs.keepalive-guard.outputs.proceed != 'false' && needs.keepalive-instruction.outputs.trace != '' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: KEEPALIVE_TRACE: ${{ needs.keepalive-instruction.outputs.trace }} KEEPALIVE_ROUND: ${{ needs.keepalive-instruction.outputs.round || inputs.keepalive_round }} @@ -2516,7 +2516,7 @@ jobs: steps: # Do not remove checkout; local helper is required. - name: Checkout orchestrator scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -2524,7 +2524,7 @@ jobs: fetch-depth: 1 - name: Identify ready Codex PRs id: scan - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | // Do not remove checkout; local helper is required. @@ -2564,7 +2564,7 @@ jobs: steps: - name: Merge Codex PRs tagged for automerge id: automerge - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: DEFAULT_BRANCH: ${{ github.event.repository.default_branch || '' }} AUTOMERGE_LABEL: automerge diff --git a/.github/workflows/reusable-agents-issue-bridge.yml b/.github/workflows/reusable-agents-issue-bridge.yml index af2a889c9..06cbde7a1 100644 --- a/.github/workflows/reusable-agents-issue-bridge.yml +++ b/.github/workflows/reusable-agents-issue-bridge.yml @@ -90,7 +90,7 @@ jobs: - name: Resolve issue number id: ctx - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const issueFromEvent = context.payload.issue && context.payload.issue.number; @@ -102,7 +102,7 @@ jobs: - name: Resolve agent label if: ${{ steps.ctx.outputs.has_issue == 'true' }} id: agent_label - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const issueNumber = Number('${{ steps.ctx.outputs.issue }}'); @@ -213,7 +213,7 @@ jobs: - name: Resolve base and head refs id: refs - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const { owner, repo } = context.repo; @@ -232,7 +232,7 @@ jobs: echo "::error::Missing issue number for workflow_dispatch. Provide an issue number when manually running this workflow." && exit 1 - name: Checkout default - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ steps.refs.outputs.base }} fetch-depth: 0 @@ -240,7 +240,7 @@ jobs: - name: Select PR mode id: mode - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: AGENT: ${{ steps.agent_label.outputs.agent || inputs.agent }} with: @@ -274,7 +274,7 @@ jobs: - name: Resolve draft flag id: draft - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const val = '${{ inputs.agent_pr_draft }}' === 'true'; @@ -282,7 +282,7 @@ jobs: - name: Resolve post-agent comment flag id: agent_comment - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const val = '${{ inputs.post_agent_comment }}' === 'true'; @@ -291,7 +291,7 @@ jobs: - name: Resolve keepalive opt-in if: ${{ steps.ctx.outputs.has_issue == 'true' }} id: keepalive - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: DEFAULT_BASE: ${{ steps.refs.outputs.base || '' }} with: @@ -422,7 +422,7 @@ jobs: echo "Keepalive mode: ${{ steps.keepalive.outputs.mode || 'OFF' }} (source: ${{ steps.keepalive.outputs.source || 'default' }})" - name: Publish bridge summary - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const agent = (process.env.AGENT || '').trim(); @@ -499,7 +499,7 @@ jobs: - name: Invite human to open PR (invite mode) if: ${{ steps.ctx.outputs.has_issue == 'true' && steps.mode.outputs.mode == 'invite' }} id: invite - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: BRANCH: ${{ steps.mk.outputs.branch }} KEEPALIVE_MODE: ${{ steps.keepalive.outputs.mode || 'OFF' }} @@ -689,7 +689,7 @@ jobs: - name: Open or reuse PR (create mode) if: ${{ steps.ctx.outputs.has_issue == 'true' && steps.mode.outputs.mode != 'invite' }} id: pr - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: BRANCH: ${{ steps.mk.outputs.branch }} KEEPALIVE_MODE: ${{ steps.keepalive.outputs.mode || 'OFF' }} @@ -839,7 +839,7 @@ jobs: - name: Label PR with agent if: ${{ steps.ctx.outputs.has_issue == 'true' && steps.mode.outputs.mode != 'invite' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR: ${{ steps.pr.outputs.number }} AGENT: ${{ steps.agent_label.outputs.agent || inputs.agent }} @@ -856,7 +856,7 @@ jobs: - name: Post issue context on PR if: ${{ steps.ctx.outputs.has_issue == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: ISSUE_BODY: ${{ steps.pr.outputs.issue_body }} ISSUE_TITLE: ${{ steps.pr.outputs.issue_title }} @@ -983,7 +983,7 @@ jobs: - name: Post agent command as service user if: ${{ steps.ctx.outputs.has_issue == 'true' && steps.mode.outputs.mode != 'invite' && env.SERVICE_BOT_PAT != '' && steps.agent_comment.outputs.post == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: AGENT: ${{ steps.agent_label.outputs.agent || inputs.agent }} with: @@ -1001,7 +1001,7 @@ jobs: - name: Post agent command (fallback as github-actions) if: ${{ steps.ctx.outputs.has_issue == 'true' && steps.mode.outputs.mode != 'invite' && env.SERVICE_BOT_PAT == '' && steps.agent_comment.outputs.post == 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: AGENT: ${{ steps.agent_label.outputs.agent || inputs.agent }} with: @@ -1018,7 +1018,7 @@ jobs: - name: Prompt human to post agent command if: ${{ steps.ctx.outputs.has_issue == 'true' && steps.mode.outputs.mode != 'invite' && steps.agent_comment.outputs.post != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: AGENT: ${{ steps.agent_label.outputs.agent || inputs.agent }} with: @@ -1045,7 +1045,7 @@ jobs: - name: Link PR on original issue (fallback) if: ${{ steps.ctx.outputs.has_issue == 'true' && steps.mode.outputs.mode != 'invite' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: KEEPALIVE_MODE: ${{ steps.keepalive.outputs.mode || 'OFF' }} AGENT: ${{ steps.agent_label.outputs.agent || inputs.agent }} diff --git a/.github/workflows/reusable-agents-verifier.yml b/.github/workflows/reusable-agents-verifier.yml index 26f34974a..037ab3d3d 100644 --- a/.github/workflows/reusable-agents-verifier.yml +++ b/.github/workflows/reusable-agents-verifier.yml @@ -37,12 +37,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout caller repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -55,7 +55,7 @@ jobs: - name: Wait for CI workflows to complete id: wait_ci - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: CI_WORKFLOWS: ${{ inputs.ci_workflows }} CI_WAIT_TIMEOUT_MS: ${{ inputs.ci_wait_timeout_ms }} @@ -120,7 +120,7 @@ jobs: - name: Build verifier context id: context - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: CI_WORKFLOWS: ${{ inputs.ci_workflows }} with: @@ -229,7 +229,7 @@ jobs: - name: Open follow-up issue on verifier failure id: failure_issue if: steps.context.outputs.should_run == 'true' && (steps.verdict.outputs.verdict == 'fail' || steps.verdict.outputs.verdict == 'error') - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_URL: ${{ steps.context.outputs.pr_html_url }} RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} diff --git a/.github/workflows/reusable-bot-comment-handler.yml b/.github/workflows/reusable-bot-comment-handler.yml index 6aaec2b46..c42565497 100644 --- a/.github/workflows/reusable-bot-comment-handler.yml +++ b/.github/workflows/reusable-bot-comment-handler.yml @@ -104,7 +104,7 @@ jobs: - name: Detect agent from PR labels id: agent - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ steps.auth.outputs.token }} script: | @@ -145,7 +145,7 @@ jobs: - name: Collect unresolved bot comments id: collect - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ steps.auth.outputs.token }} script: | @@ -225,7 +225,7 @@ jobs: - name: Post summary if: steps.collect.outputs.found == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: COMMENTS_JSON: ${{ steps.collect.outputs.comments }} with: @@ -268,7 +268,7 @@ jobs: prompt_ready: ${{ steps.prompt.outputs.ready }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Generate bot comments prompt id: prompt @@ -350,7 +350,7 @@ jobs: - name: Assign agent and post context comment id: dispatch - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ steps.auth.outputs.token }} script: | diff --git a/.github/workflows/reusable-codex-run.yml b/.github/workflows/reusable-codex-run.yml index 20927df9c..1e9592d0d 100644 --- a/.github/workflows/reusable-codex-run.yml +++ b/.github/workflows/reusable-codex-run.yml @@ -157,7 +157,7 @@ jobs: printf 'Checkout auth: %s; push permitted with app token: %s.\n' "$source" "$push_allowed" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ inputs.pr_ref || github.ref }} @@ -167,7 +167,7 @@ jobs: # These scripts are in stranske/Workflows but need to be available when # this reusable workflow runs in consumer repos - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -543,7 +543,7 @@ jobs: - name: Post completion checkpoint comment id: completion_comment if: steps.commit.outputs.changes-made == 'true' && inputs.pr_number != '' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} COMMIT_SHA: ${{ steps.commit.outputs.commit-sha }} @@ -570,7 +570,7 @@ jobs: - name: Classify failure type id: classify_failure if: always() && steps.run_codex.outputs.exit-code != '0' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: EXIT_CODE: ${{ steps.run_codex.outputs.exit-code }} OUTPUT_SUMMARY: ${{ steps.run_codex.outputs.final-message-summary }} @@ -728,7 +728,7 @@ jobs: - name: Post PR comment on non-transient failure if: always() && steps.run_codex.outputs.exit-code != '0' && steps.classify_failure.outputs.is_transient != 'true' && inputs.pr_number != '' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} EXIT_CODE: ${{ steps.run_codex.outputs.exit-code }} @@ -818,7 +818,7 @@ jobs: - name: Add needs-attention label on non-transient failure if: always() && steps.run_codex.outputs.exit-code != '0' && steps.classify_failure.outputs.is_transient != 'true' && inputs.pr_number != '' continue-on-error: true - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PR_NUMBER: ${{ inputs.pr_number }} with: diff --git a/.github/workflows/selftest-ci.yml b/.github/workflows/selftest-ci.yml index a65e716e4..dafd41725 100644 --- a/.github/workflows/selftest-ci.yml +++ b/.github/workflows/selftest-ci.yml @@ -15,7 +15,7 @@ jobs: name: JavaScript Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Node.js uses: actions/setup-node@v4 @@ -29,7 +29,7 @@ jobs: name: Python Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -50,7 +50,7 @@ jobs: name: Lint, Format & YAML Validation runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 diff --git a/.github/workflows/selftest-reusable-ci.yml b/.github/workflows/selftest-reusable-ci.yml index 53275f331..6849ff6e1 100644 --- a/.github/workflows/selftest-reusable-ci.yml +++ b/.github/workflows/selftest-reusable-ci.yml @@ -64,7 +64,7 @@ jobs: steps: - name: Check API quota id: check - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: # Higher threshold than orchestrator (1000) so keepalive runs first RATE_LIMIT_THRESHOLD: '2000' @@ -200,7 +200,7 @@ jobs: - name: Verify matrix artifacts id: verify - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: PYTHON_VERSIONS: ${{ env.REQUESTED_PYTHONS }} SCENARIO_LIST: ${{ env.SCENARIO_LIST }} @@ -459,7 +459,7 @@ jobs: - name: Publish PR comment if: ${{ env.MODE == 'comment' && env.POST_TO == 'pr-number' }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: MARKER: '' TABLE: ${{ env.SUMMARY_TABLE }} diff --git a/templates/ci-basic.yml b/templates/ci-basic.yml index 56e524150..30d0e5c50 100644 --- a/templates/ci-basic.yml +++ b/templates/ci-basic.yml @@ -22,7 +22,7 @@ jobs: name: Lint & Format runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -42,7 +42,7 @@ jobs: name: Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -70,7 +70,7 @@ jobs: name: Type Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 diff --git a/templates/ci-full.yml b/templates/ci-full.yml index 05562876e..ad700be76 100644 --- a/templates/ci-full.yml +++ b/templates/ci-full.yml @@ -29,7 +29,7 @@ jobs: name: Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -55,7 +55,7 @@ jobs: name: Lint & Format runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -78,7 +78,7 @@ jobs: name: Type Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python uses: actions/setup-python@v5 @@ -103,7 +103,7 @@ jobs: # CUSTOMIZE: Python versions to test python-version: ['3.11', '3.12'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Python ${{ matrix.python-version }} uses: actions/setup-python@v5 diff --git a/templates/consumer-repo/.github/workflows/agents-autofix-loop.yml b/templates/consumer-repo/.github/workflows/agents-autofix-loop.yml index 23a343272..4fcf3ff20 100644 --- a/templates/consumer-repo/.github/workflows/agents-autofix-loop.yml +++ b/templates/consumer-repo/.github/workflows/agents-autofix-loop.yml @@ -39,7 +39,7 @@ jobs: security_reason: ${{ steps.security_gate.outputs.reason }} steps: - name: Checkout (for security gate) - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts/prompt_injection_guard.js @@ -47,7 +47,7 @@ jobs: - name: Security gate - prompt injection guard id: security_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -102,7 +102,7 @@ jobs: - name: Evaluate workflow_run id: evaluate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const run = context.payload.workflow_run; @@ -318,7 +318,7 @@ jobs: environment: agent-standard steps: - name: Add needs-human label and comment - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const prNumber = Number('${{ needs.prepare.outputs.pr_number }}'); @@ -372,7 +372,7 @@ jobs: steps: - name: Collect metrics id: collect - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -492,7 +492,7 @@ jobs: PY - name: Upload metrics artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: agents-autofix-metrics path: autofix-metrics.ndjson diff --git a/templates/consumer-repo/.github/workflows/agents-bot-comment-handler.yml b/templates/consumer-repo/.github/workflows/agents-bot-comment-handler.yml index cc451426b..7b6c21eed 100644 --- a/templates/consumer-repo/.github/workflows/agents-bot-comment-handler.yml +++ b/templates/consumer-repo/.github/workflows/agents-bot-comment-handler.yml @@ -61,7 +61,7 @@ jobs: steps: - name: Resolve PR number and check conditions id: resolve - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const eventName = context.eventName; @@ -162,7 +162,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Remove trigger label - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | try { diff --git a/templates/consumer-repo/.github/workflows/agents-guard.yml b/templates/consumer-repo/.github/workflows/agents-guard.yml index 7a3e22585..0a96eb24c 100644 --- a/templates/consumer-repo/.github/workflows/agents-guard.yml +++ b/templates/consumer-repo/.github/workflows/agents-guard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout base ref for safety validation if: github.event_name == 'pull_request_target' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.base.sha }} sparse-checkout: | @@ -42,7 +42,7 @@ jobs: - name: Verify pull_request_target safety invariants if: github.event_name == 'pull_request_target' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const path = require('path'); @@ -58,7 +58,7 @@ jobs: - name: Checkout PR head for pull_request event if: github.event_name == 'pull_request' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts/agents-guard.js @@ -66,7 +66,7 @@ jobs: - name: Evaluate protected file changes id: evaluate - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const fs = require('fs'); @@ -281,7 +281,7 @@ jobs: - name: Post guard failure comment if: steps.evaluate.outputs.blocked == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: COMMENT_BODY_B64: ${{ steps.evaluate.outputs.comment_body_b64 }} COMMENT_MARKER: ${{ steps.evaluate.outputs.marker }} @@ -399,7 +399,7 @@ jobs: - name: Report agents guard commit status if: always() - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: BLOCKED: ${{ steps.evaluate.outputs.blocked || 'false' }} SUMMARY: ${{ steps.evaluate.outputs.summary }} diff --git a/templates/consumer-repo/.github/workflows/agents-issue-intake.yml b/templates/consumer-repo/.github/workflows/agents-issue-intake.yml index e4b51a4d7..2a3be2da0 100644 --- a/templates/consumer-repo/.github/workflows/agents-issue-intake.yml +++ b/templates/consumer-repo/.github/workflows/agents-issue-intake.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Check labels and extract info id: check - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const eventName = context.eventName; diff --git a/templates/consumer-repo/.github/workflows/agents-keepalive-loop.yml b/templates/consumer-repo/.github/workflows/agents-keepalive-loop.yml index 6dcebe889..f070017f6 100644 --- a/templates/consumer-repo/.github/workflows/agents-keepalive-loop.yml +++ b/templates/consumer-repo/.github/workflows/agents-keepalive-loop.yml @@ -72,12 +72,12 @@ jobs: steps: # Dual checkout pattern: consumer repo for context, Workflows repo for scripts - name: Checkout consumer repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: consumer - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -97,7 +97,7 @@ jobs: - name: Security gate - prompt injection guard id: security_gate - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: INPUT_PR_NUMBER: ${{ inputs.pr_number || '' }} with: @@ -180,7 +180,7 @@ jobs: - name: Evaluate keepalive conditions id: evaluate if: steps.security_gate.outputs.blocked != 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: INPUT_PR_NUMBER: ${{ inputs.pr_number || '' }} with: @@ -282,7 +282,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -292,7 +292,7 @@ jobs: fetch-depth: 1 - name: Update summary with running status - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -342,7 +342,7 @@ jobs: environment: agent-standard steps: - name: Checkout Workflows scripts - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stranske/Workflows ref: main @@ -419,7 +419,7 @@ jobs: echo "$metrics_json" >> keepalive-metrics.ndjson - name: Upload keepalive metrics artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: keepalive-metrics path: keepalive-metrics.ndjson @@ -428,7 +428,7 @@ jobs: - name: Auto-reconcile task checkboxes if: needs.run-codex.outputs.changes-made == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -461,7 +461,7 @@ jobs: core.setOutput('reconciliation_details', result.details); - name: Update summary comment - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: CODEX_SUMMARY: ${{ needs.run-codex.outputs.final-message-summary || '' }} with: diff --git a/templates/consumer-repo/.github/workflows/agents-pr-meta.yml b/templates/consumer-repo/.github/workflows/agents-pr-meta.yml index 58300b0c5..e56a4db3b 100644 --- a/templates/consumer-repo/.github/workflows/agents-pr-meta.yml +++ b/templates/consumer-repo/.github/workflows/agents-pr-meta.yml @@ -106,7 +106,7 @@ jobs: steps: - name: Resolve PR from workflow_run id: resolve - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | const run = context.payload.workflow_run; diff --git a/templates/consumer-repo/.github/workflows/maint-coverage-guard.yml b/templates/consumer-repo/.github/workflows/maint-coverage-guard.yml index bb033bc03..6c0a199c0 100644 --- a/templates/consumer-repo/.github/workflows/maint-coverage-guard.yml +++ b/templates/consumer-repo/.github/workflows/maint-coverage-guard.yml @@ -35,11 +35,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Locate latest Gate workflow run id: discover - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -79,7 +79,7 @@ jobs: - name: Download coverage trend artifact if: ${{ steps.discover.outputs.run_id }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 continue-on-error: true with: name: gate-coverage-trend @@ -89,7 +89,7 @@ jobs: - name: Download coverage artifact if: ${{ steps.discover.outputs.run_id }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 continue-on-error: true with: pattern: gate-coverage-* diff --git a/templates/consumer-repo/.github/workflows/pr-00-gate.yml b/templates/consumer-repo/.github/workflows/pr-00-gate.yml index 5511d00b4..f8f106e65 100644 --- a/templates/consumer-repo/.github/workflows/pr-00-gate.yml +++ b/templates/consumer-repo/.github/workflows/pr-00-gate.yml @@ -65,7 +65,7 @@ jobs: description: ${{ steps.summarize.outputs.description }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: sparse-checkout: | .github/scripts @@ -111,7 +111,7 @@ jobs: - name: Report Gate commit status if: ${{ always() }} - uses: actions/github-script@v7 + uses: actions/github-script@v8 env: STATE: ${{ steps.summarize.outputs.state || 'pending' }} DESCRIPTION: ${{ steps.summarize.outputs.description || 'Gate status pending' }} diff --git a/templates/cosmetic-repair.yml b/templates/cosmetic-repair.yml index ccac27f42..c975e502e 100644 --- a/templates/cosmetic-repair.yml +++ b/templates/cosmetic-repair.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/templates/dependency-refresh.yml b/templates/dependency-refresh.yml index e5acbdb30..df9626ac3 100644 --- a/templates/dependency-refresh.yml +++ b/templates/dependency-refresh.yml @@ -35,7 +35,7 @@ jobs: DRY_RUN: ${{ inputs.dry-run || 'false' }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/templates/integration-repo/.github/workflows/ci.yml b/templates/integration-repo/.github/workflows/ci.yml index 0aa8822f1..96fcd614d 100644 --- a/templates/integration-repo/.github/workflows/ci.yml +++ b/templates/integration-repo/.github/workflows/ci.yml @@ -96,7 +96,7 @@ jobs: contents: read steps: - name: Open issue in Workflows repo - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.ACTIONS_BOT_PAT }} script: | diff --git a/templates/integration-repo/.github/workflows/notify-workflows.yml b/templates/integration-repo/.github/workflows/notify-workflows.yml index 56eb42da9..c9600fe9f 100644 --- a/templates/integration-repo/.github/workflows/notify-workflows.yml +++ b/templates/integration-repo/.github/workflows/notify-workflows.yml @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout this repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: integration-tests