Skip to content

[CI] chore: Bump actions/checkout to v7 with persist-credentials: false#41

Merged
finallyjay merged 1 commit into
mainfrom
ci/checkout-v7-persist-credentials
Jun 29, 2026
Merged

[CI] chore: Bump actions/checkout to v7 with persist-credentials: false#41
finallyjay merged 1 commit into
mainfrom
ci/checkout-v7-persist-credentials

Conversation

@finallyjay

Copy link
Copy Markdown
Owner

Summary

Reemplaza a la PR #40 (Dependabot, cerrada). Adapta el workflow de lint de Markdown a actions/checkout@v7 y aplica el hardening propuesto por CodeRabbit/zizmor.

  • Bump actions/checkout@v6@v7.
  • persist-credentials: false — el job de lint no necesita conservar el GITHUB_TOKEN tras el checkout (mitiga artipacked).

No se aplica el pin a SHA (decisión intencional para mantener consistencia con el resto de acciones referenciadas por tag).

Test plan

  • CodeQL pasa
  • CodeRabbit ya no reporta artipacked
  • El job markdownlint se ejecuta correctamente

🤖 Generated with Claude Code

…tence

Adapts the markdown lint workflow to actions/checkout@v7 and sets
persist-credentials: false so the lint-only job does not retain the
default GITHUB_TOKEN after checkout (CodeRabbit/zizmor artipacked).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a812c4d5-d797-426e-8a9f-983a045afe64

📥 Commits

Reviewing files that changed from the base of the PR and between ea45436 and 1e6d234.

📒 Files selected for processing (1)
  • .github/workflows/lint-markdown.yml
📜 Recent review details
⏰ Context from checks skipped due to timeout. (1)
  • GitHub Check: Analyze (actions)
🔇 Additional comments (1)
.github/workflows/lint-markdown.yml (1)

15-17: LGTM!


📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Updated the markdown lint workflow to use a newer checkout action version for CI maintenance.

Walkthrough

The GitHub Actions markdown lint workflow updates actions/checkout from @v6 to @v7, with persist-credentials: false unchanged.

Changes

CI Workflow Update

Layer / File(s) Summary
actions/checkout bump
.github/workflows/lint-markdown.yml
actions/checkout version updated from @v6 to @v7 in the markdownlint job step.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A hop, a skip, from v6 to v7 we leap,
The checkout action now runs fresh and deep.
🐇 No credentials left behind,
Just cleaner CI of a newer kind!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main CI workflow change: bumping actions/checkout to v7 and disabling credential persistence.
Description check ✅ Passed The description includes the required Summary and Test plan sections and explains the change and rationale clearly.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/checkout-v7-persist-credentials

Comment @coderabbitai help to get the list of available commands.

@finallyjay finallyjay merged commit 3289954 into main Jun 29, 2026
3 checks passed
@finallyjay finallyjay deleted the ci/checkout-v7-persist-credentials branch June 29, 2026 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant