Conversation
Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v9...v10) --- updated-dependencies: - dependency-name: actions/stale dependency-version: '10' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7...v8) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…actions/stale-10 Bump actions/stale from 9 to 10
…actions/setup-python-6 Bump actions/setup-python from 5 to 6
…actions/github-script-8 Bump actions/github-script from 7 to 8
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…actions/checkout-6 Bump actions/checkout from 5 to 6
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v8...v9) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…docker/login-action-4 Bump docker/login-action from 3 to 4
…actions/github-script-9 Bump actions/github-script from 8 to 9
There was a problem hiding this comment.
Pull request overview
Updates GitHub Actions workflows to use newer major versions of several third-party actions.
Changes:
- Bump
actions/stalefromv9tov10. - Bump
actions/checkoutandactions/setup-pythontov6across CI workflows. - Bump
docker/login-actiontov4andactions/github-scripttov9.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/stale.yml |
Upgrades actions/stale major version. |
.github/workflows/ci-install.yml |
Upgrades checkout/setup-python/github-script action versions used in install CI. |
.github/workflows/ci-inference.yml |
Upgrades checkout action version used in inference CI. |
.github/workflows/ci-container.yml |
Upgrades checkout and Docker login action versions used in container CI. |
.github/workflows/ci-conda.yml |
Upgrades setup-python and checkout action versions used in conda CI. |
.github/workflows/ci-codecheck.yml |
Upgrades checkout and setup-python action versions used in lint/codecheck CI. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - uses: actions/checkout@v6 | ||
| with: | ||
| ref: ${{ steps.version.outputs.version }} | ||
| - name: Set up Python 3.8 | ||
| uses: actions/setup-python@v5 | ||
| uses: actions/setup-python@v6 | ||
| with: | ||
| python-version: 3.8 |
There was a problem hiding this comment.
This switches to actions/checkout@v6 / actions/setup-python@v6. Please confirm these major versions exist and that their breaking changes don’t affect this workflow (notably around checkout defaults and Python toolcache support). To reduce CI fragility/supply-chain risk, consider pinning to a commit SHA (or sticking to the repo’s current known-good major versions).
| nth: ["2"] | ||
| steps: | ||
| - uses: actions/checkout@v5 | ||
| - uses: actions/checkout@v6 |
There was a problem hiding this comment.
This updates checkout to actions/checkout@v6. Please confirm v6 exists and review any breaking changes (e.g., default fetch depth, submodules/LFS behavior, token handling) since an invalid tag or breaking default change will fail these inference CI jobs. Consider pinning to a commit SHA for reproducibility.
| - uses: actions/checkout@v6 | |
| - uses: actions/checkout@v4.2.2 # pin@692973e3d937129bcbf40652eb9f2f61becf3332 |
| - name: Set up Python 3.8 | ||
| uses: actions/setup-python@v5 | ||
| uses: actions/setup-python@v6 | ||
| with: | ||
| python-version: 3.8 | ||
| - uses: actions/checkout@v5 | ||
| - uses: actions/checkout@v6 | ||
| with: |
There was a problem hiding this comment.
This bumps actions/setup-python / actions/checkout to @v6. Please verify these tags exist and confirm they still support Python 3.8 and your desired checkout behavior; otherwise the conda build/publish workflow can start failing unexpectedly. Pinning to commit SHAs can help keep releases reproducible.
| - name: Checkout repository | ||
| uses: actions/checkout@v5 | ||
| uses: actions/checkout@v6 | ||
| with: | ||
| path: local |
There was a problem hiding this comment.
actions/checkout@v6 is a major-version bump. Please confirm the tag exists and that any default changes (token handling, fetch depth, etc.) won’t affect the container build context (this workflow relies on a local checkout path). Consider pinning to a commit SHA for reproducible builds.
|
|
||
| steps: | ||
| - uses: actions/stale@v9 | ||
| - uses: actions/stale@v10 |
There was a problem hiding this comment.
actions/stale@v10 is a major-version bump. Please confirm that the v10 tag exists and that no breaking input/behavior changes affect this workflow (otherwise the stale job will fail to run). Consider pinning to a specific commit SHA (or at least a verified major/minor tag) to avoid supply-chain and unexpected-breaking-change risk.
| - uses: actions/stale@v10 | |
| - uses: actions/stale@v9 |
| - uses: actions/checkout@v6 | ||
| - name: Set up Python ${{ matrix.python-version }} | ||
| uses: actions/setup-python@v5 | ||
| uses: actions/setup-python@v6 | ||
| with: |
There was a problem hiding this comment.
These workflows are updating to actions/checkout@v6 and actions/setup-python@v6. Please verify those major versions exist and review the release notes for breaking changes (e.g., default fetch behavior, token/persist-credentials defaults, and Python version availability). If the intent is simply to stay current, pin to the latest known-good major version for this repo (or a commit SHA) to avoid CI outages from invalid tags or breaking major updates.
| uses: actions/github-script@v9 | ||
| with: | ||
| script: | | ||
| core.setOutput("run", `${{ env.run }}`); |
There was a problem hiding this comment.
actions/github-script is being bumped to @v9, and this script currently injects ${{ env.run }} directly into a JavaScript template literal. If env.run ever contains backticks or ${...} (e.g., README updates), this can turn into a JS syntax error or unintended interpolation. Prefer reading the value from the environment inside the script (or writing directly to $GITHUB_OUTPUT in bash) so quoting/newlines are handled safely.
| core.setOutput("run", `${{ env.run }}`); | |
| core.setOutput("run", process.env.run || ""); |
| - name: Log in to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| uses: docker/login-action@v4 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USER }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} |
There was a problem hiding this comment.
docker/login-action@v4 is a major-version bump. Please confirm the v4 tag exists and review any breaking changes (especially around auth inputs and masking) to avoid breaking container builds/publishes. If stability is the goal, consider pinning to a commit SHA.
No description provided.