diff --git a/.github/workflows/backend-image-smoke.yml b/.github/workflows/backend-image-smoke.yml index b71006863..052862fe8 100644 --- a/.github/workflows/backend-image-smoke.yml +++ b/.github/workflows/backend-image-smoke.yml @@ -75,7 +75,7 @@ jobs: COMPOSE_PROJECT_NAME: trinity-smoke steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Generate boot secrets (.env) # docker-compose.prod.yml fails to render unless ADMIN_PASSWORD, diff --git a/.github/workflows/backend-unit-nightly.yml b/.github/workflows/backend-unit-nightly.yml index 518c8eb4d..17a4f408e 100644 --- a/.github/workflows/backend-unit-nightly.yml +++ b/.github/workflows/backend-unit-nightly.yml @@ -82,7 +82,7 @@ jobs: matrix: ${{ fromJSON(needs.discover.outputs.matrix) }} steps: - name: Checkout origin/dev (no PR creds) - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: ref: dev fetch-depth: 1 diff --git a/.github/workflows/backend-unit-test.yml b/.github/workflows/backend-unit-test.yml index fb36f66da..c9f48842f 100644 --- a/.github/workflows/backend-unit-test.yml +++ b/.github/workflows/backend-unit-test.yml @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 2 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 1 persist-credentials: false @@ -64,7 +64,7 @@ jobs: seed: [12345, 67890, 99999] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: # `pull_request` checks out the synthetic merge commit by default. # We capture the diff script before any branch switch so it @@ -132,7 +132,7 @@ jobs: contents: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 1 persist-credentials: false diff --git a/.github/workflows/build-without-submodule.yml b/.github/workflows/build-without-submodule.yml index 3b10ef3af..8d947b641 100644 --- a/.github/workflows/build-without-submodule.yml +++ b/.github/workflows/build-without-submodule.yml @@ -43,7 +43,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout WITHOUT submodules - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: submodules: false # explicit — the whole point of this job fetch-depth: 1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 77fc9449f..3e5470672 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,7 +29,7 @@ jobs: language: [python, javascript-typescript] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Initialize CodeQL uses: github/codeql-action/init@v4 diff --git a/.github/workflows/container-security.yml b/.github/workflows/container-security.yml index 20d1f4915..3a44f44c4 100644 --- a/.github/workflows/container-security.yml +++ b/.github/workflows/container-security.yml @@ -58,7 +58,7 @@ jobs: timeout-minutes: 20 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 # need base history to diff the PR's changed paths diff --git a/.github/workflows/enterprise-docs-guard.yml b/.github/workflows/enterprise-docs-guard.yml index 9a8b16bf6..3266e7b58 100644 --- a/.github/workflows/enterprise-docs-guard.yml +++ b/.github/workflows/enterprise-docs-guard.yml @@ -31,7 +31,7 @@ jobs: guard: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v7 - name: Scan live public docs for enterprise disclosure run: | set -uo pipefail diff --git a/.github/workflows/frontend-build.yml b/.github/workflows/frontend-build.yml index 2d3b5ec13..f495016f9 100644 --- a/.github/workflows/frontend-build.yml +++ b/.github/workflows/frontend-build.yml @@ -18,7 +18,7 @@ jobs: run: working-directory: src/frontend steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: diff --git a/.github/workflows/frontend-e2e.yml b/.github/workflows/frontend-e2e.yml index c37fa435e..381454817 100644 --- a/.github/workflows/frontend-e2e.yml +++ b/.github/workflows/frontend-e2e.yml @@ -18,7 +18,7 @@ jobs: working-directory: src/frontend steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: @@ -30,7 +30,7 @@ jobs: run: npm ci - name: Cache Playwright browsers - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ~/.cache/ms-playwright key: playwright-${{ runner.os }}-${{ hashFiles('src/frontend/package-lock.json') }} diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml index 312162d2b..4b9efbb9d 100644 --- a/.github/workflows/publish-cli.yml +++ b/.github/workflows/publish-cli.yml @@ -23,7 +23,7 @@ jobs: outputs: version: ${{ steps.version.outputs.version }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 # Need full history for tag detection @@ -107,7 +107,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Wait for PyPI availability run: | diff --git a/.github/workflows/schema-parity.yml b/.github/workflows/schema-parity.yml index 6a73f7daf..2036a9732 100644 --- a/.github/workflows/schema-parity.yml +++ b/.github/workflows/schema-parity.yml @@ -38,7 +38,7 @@ jobs: schema-parity: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 # need base history to diff the PR's changed paths diff --git a/.github/workflows/sync-docs-to-vertex.yml b/.github/workflows/sync-docs-to-vertex.yml index 31061e519..b3dde024b 100644 --- a/.github/workflows/sync-docs-to-vertex.yml +++ b/.github/workflows/sync-docs-to-vertex.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Authenticate to Google Cloud # SHA-pinned to mitigate supply-chain hijack of the v2 floating tag.