Skip to content

ci: update actions/checkout v6 -> v7#2417

Merged
tbennun merged 1 commit into
spcl:mainfrom
romanc:romanc/gha-checkout-v7
Jul 1, 2026
Merged

ci: update actions/checkout v6 -> v7#2417
tbennun merged 1 commit into
spcl:mainfrom
romanc:romanc/gha-checkout-v7

Conversation

@romanc

@romanc romanc commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Description

This PR updates actions/checkout from v6 to the latest v7. No breakage is expected from reading the change log.

This PR updates `actions/checkout` from `v6` to the latest `v7`. No breakage is expected from reading the change log.
@tbennun

tbennun commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

@romanc can I ask why? Is there any new feature enabled here or security fix?

@tbennun

tbennun commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

cscs-ci run

@romanc

romanc commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

@romanc can I ask why? Is there any new feature enabled here or security fix?

This pull request keeps actions/checkout up to date by updating from the v6 to the v7 tag. Tags are rolling within a major release, but major releases need to be updated manually (since they may contain breaking changes).

Compared to v6, v7 will refuse to checkout fork pull request code from a workflow triggered by pull_request_target or workflow_run. This guards against so called "pwn requests" as explained inthis guide. As far as I could see, dace is neither using pull_request_target nor workflow_run. It should thus be safe to update without any hickups. In addition to this new security feature, v7 comes with updated dependencies.

@tbennun tbennun enabled auto-merge July 1, 2026 03:31
@tbennun tbennun added this pull request to the merge queue Jul 1, 2026
Merged via the queue into spcl:main with commit feb0df9 Jul 1, 2026
16 checks passed
@tbennun tbennun deleted the romanc/gha-checkout-v7 branch July 1, 2026 04:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants