feat: add automated action version sync to templates#444
Merged
Conversation
Add workflow and script to keep templates in sync with action versions after Dependabot merges updates to .github/workflows/. New files: - .github/workflows/maint-sync-action-versions.yml: Automated workflow - scripts/sync_action_versions.sh: Manual sync script Also updates templates to current versions: - actions/checkout: v4 → v6 - actions/download-artifact: v4 → v7 - actions/upload-artifact: v4 → v6 - actions/cache: v4 → v5 This prevents the recurring issue where consumer repo syncs would downgrade action versions that were updated by their own Dependabot.
stranske
temporarily deployed
to
agent-high-privilege
GitHub Actions
Inactive
Contributor
Automated Status SummaryHead SHA: 815d407
Coverage Overview
Coverage Trend
Top Coverage Hotspots (lowest coverage)
Updated automatically; will refresh on subsequent CI/Docker completions. Keepalive checklistScope
Tasks
Acceptance criteria
|
stranske
temporarily deployed
to
agent-high-privilege
GitHub Actions
Inactive
Contributor
🤖 Keepalive Loop StatusPR #444 | Agent: Codex | Iteration 0/5 Current State
🔍 Failure Classification| Error type | infrastructure | |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds automation to keep GitHub Action versions synchronized between .github/workflows/ and templates/ directories. Previously, Dependabot would update action versions in workflows but not in templates, causing consumer repos to receive outdated versions when syncing.
Key changes:
- New automated workflow
maint-sync-action-versions.ymlthat triggers on workflow file changes and creates PRs to sync action versions to templates - Manual bash script
scripts/sync_action_versions.shfor local version synchronization - Initial template updates bringing them in sync with current workflow versions (actions/checkout v4→v6, actions/download-artifact v4→v7, actions/upload-artifact v4→v6, actions/github-script v8→v7)
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/maint-sync-action-versions.yml |
New automated workflow to extract action versions from workflows and update templates, creating PRs when changes are detected |
scripts/sync_action_versions.sh |
Manual bash script for local version synchronization with same logic as automated workflow |
templates/integration-repo/.github/workflows/notify-workflows.yml |
Updates actions/checkout from v4 to v6 |
templates/dependency-refresh.yml |
Updates actions/checkout from v4 to v6 |
templates/cosmetic-repair.yml |
Updates actions/checkout from v4 to v6 |
templates/consumer-repo/.github/workflows/pr-00-gate.yml |
Updates actions/checkout from v4 to v6 |
templates/consumer-repo/.github/workflows/maint-coverage-guard.yml |
Updates actions/checkout from v4 to v6 and actions/download-artifact from v4 to v7 |
templates/consumer-repo/.github/workflows/autofix.yml |
Syncs actions/github-script to v7 (matching main workflows) |
templates/consumer-repo/.github/workflows/agents-pr-meta.yml |
Syncs actions/github-script to v7 (matching main workflows) |
templates/consumer-repo/.github/workflows/agents-keepalive-loop.yml |
Updates actions/checkout from v4 to v6 and actions/upload-artifact from v4 to v6 |
templates/consumer-repo/.github/workflows/agents-guard.yml |
Updates actions/checkout from v4 to v6 |
templates/consumer-repo/.github/workflows/agents-autofix-loop.yml |
Updates actions/checkout from v4 to v6 and actions/upload-artifact from v4 to v6 |
templates/ci-full.yml |
Updates actions/checkout from v4 to v6 across multiple jobs |
templates/ci-basic.yml |
Updates actions/checkout from v4 to v6 across multiple jobs |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
✅ Codex Completion CheckpointCommit: No new completions recorded this round. About this commentThis comment is automatically generated to track task completions. |
agents-workflows-bot
bot
temporarily deployed
to
agent-high-privilege
agents-workflows-bot
bot
temporarily deployed
to
agent-high-privilege
- Revert checkout from v6 to v4 (v6 is very new, staying with v4 for stability) - Keep upload-artifact@v6 and download-artifact@v7 (matching main workflows) - Fix version comparison: use numeric instead of string comparison - Fix subshell variable issue: use for loop instead of pipe to while Addresses Copilot review comments on PR #444
stranske
temporarily deployed
to
agent-high-privilege
GitHub Actions
Inactive
agents-workflows-bot
bot
temporarily deployed
to
agent-high-privilege
github-actions
bot
added
autofix
Contributor
|
Status | ✅ no new diagnostics |
- SC2129: Use grouped redirects { ... } >> file for GITHUB_OUTPUT
- SC2044: Use find -exec instead of for loop over find output
stranske
temporarily deployed
to
agent-high-privilege
GitHub Actions
Inactive
25 tasks
stranske
added a commit
that referenced
this pull request
Jan 1, 2026
This commit updates all GitHub Action versions in templates to match what Dependabot has been updating in consumer repos: - actions/checkout: v4 → v6 - actions/github-script: v7 → v8 - actions/upload-artifact: v4 → v6 - actions/download-artifact: v4 → v7 - actions/cache: v4 → v5 - actions/setup-python: v4 → v5 - peter-evans/create-pull-request: v6 → v8 ROOT CAUSE: Templates had older action versions. When workflow-sync ran, it would DOWNGRADE consumer repos that Dependabot had updated. This caused a constant battle: Dependabot updates consumer → sync downgrades → Dependabot updates again → sync downgrades again. This fix, combined with PR #444 (automated sync), ensures templates stay current with Dependabot updates going forward.
54 tasks
stranske
added a commit
that referenced
this pull request
Jan 1, 2026
* fix: update ALL template action versions to latest This commit updates all GitHub Action versions in templates to match what Dependabot has been updating in consumer repos: - actions/checkout: v4 → v6 - actions/github-script: v7 → v8 - actions/upload-artifact: v4 → v6 - actions/download-artifact: v4 → v7 - actions/cache: v4 → v5 - actions/setup-python: v4 → v5 - peter-evans/create-pull-request: v6 → v8 ROOT CAUSE: Templates had older action versions. When workflow-sync ran, it would DOWNGRADE consumer repos that Dependabot had updated. This caused a constant battle: Dependabot updates consumer → sync downgrades → Dependabot updates again → sync downgrades again. This fix, combined with PR #444 (automated sync), ensures templates stay current with Dependabot updates going forward. * Update templates/dependency-refresh.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update templates/cosmetic-repair.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated Status Summary
Scope
GITHUB_STEP_SUMMARYoutput so iteration results are visible in the Actions UITasks
agent:codexlabelagents-keepalive-loop.ymlafter agent runbuildStatusBlock()inagents_pr_meta_update_body.jsto acceptagentTypeparameteragentTypeis set (CLI agent): hide workflow table, hide head SHA/required checksagent:*label):<!-- gate-summary: -->comment posting (use step summary instead)<!-- keepalive-round: N -->instruction comments (task appendix replaces this)<!-- keepalive-loop-summary -->to be the single source of truthagent:*label):<!-- gate-summary: -->commentagent_typeoutput to detect job so downstream workflows know the modeagents-pr-meta.ymlto conditionally skip gate summary for CLI agent PRsAcceptance criteria
Head SHA: 260aa8b
Latest Runs: ✅ success — Gate
Required: gate: ✅ success