chore(deps): bump actions/checkout from 6 to 7 by igerber · Pull Request #550 · igerber/diff-diff · GitHub
Skip to content

chore(deps): bump actions/checkout from 6 to 7#550

Merged
igerber merged 1 commit into
mainfrom
chore/bump-actions-checkout-v7
Jun 25, 2026
Merged

chore(deps): bump actions/checkout from 6 to 7#550
igerber merged 1 commit into
mainfrom
chore/bump-actions-checkout-v7

Conversation

@igerber

@igerber igerber commented Jun 25, 2026

Copy link
Copy Markdown
Owner

Summary

Bumps actions/checkout v6 → v7 across all 5 workflow files. This is a
recreation of Dependabot PR #541 as a same-repo PR, because Dependabot's
restricted security context blocks our pipeline:

  • the runner gets a read-only GITHUB_TOKEN + the separate "Dependabot" secret
    store (so secret-needing jobs can't authenticate), and
  • the Codex reviewer action hard-refuses to run for the dependabot[bot] actor
    (must have write access ... Detected permission: 'none').

Recreating under a normal actor lets full CI and the AI review run. Once this
merges, Dependabot will auto-close #541 (it detects checkout is already at v7).

Safety note

actions/checkout v7's headline change blocks fork-PR checkout under
pull_request_target / workflow_run. No workflow in this repo uses those
triggers
ai_pr_review.yml runs on pull_request + issue_comment and
already guards is_fork == 'false' — so the bump is a no-op behavior change here.

Changes

13 identical uses: actions/checkout@v6@v7 swaps across:
ai_pr_review.yml, docs-tests.yml, notebooks.yml, publish.yml, rust-test.yml.

Replaces #541.

🤖 Generated with Claude Code

Recreate of Dependabot PR #541 as a same-repo PR so full CI and the
Codex AI review can run (Dependabot's restricted context blocks both:
read-only token + separate secret store, and the reviewer action
refuses to run for the dependabot[bot] actor).

actions/checkout v7's headline change blocks fork-PR checkout under
pull_request_target / workflow_run; no workflow here uses those
triggers, so the bump is a no-op behavior change for this repo.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@igerber igerber added the ready-for-ci Triggers CI test workflows label Jun 25, 2026
@github-actions

Copy link
Copy Markdown

@igerber igerber merged commit cfd8db3 into main Jun 25, 2026
33 of 34 checks passed
@igerber igerber deleted the chore/bump-actions-checkout-v7 branch June 25, 2026 21:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ready-for-ci Triggers CI test workflows

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant