Skip to content

chore(deps): bump actions/checkout from 4 to 5 #6157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hanabi1224 merged 1 commit into from
Oct 13, 2025
Merged

chore(deps): bump actions/checkout from 4 to 5 #6157

hanabi1224 merged 1 commit into from
Oct 13, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2025
edited by coderabbitai bot
Loading

Bumps actions/checkout from 4 to 5.

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

  • Chores
    • Upgraded repository checkout action to v5 across all CI workflows for improved stability and compatibility.
    • Allowed the sccache setup step to continue on error to reduce flaky CI failures.
    • Removed a token generation step in one automation workflow, simplifying the process without altering outcomes.
    • No changes to application features or behavior; builds, tests, releases, and documentation workflows continue to run as before.

@dependabot
chore(deps): bump actions/checkout from 4 to 5
483e255 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 13, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 13, 2025 09:30
@dependabot dependabot bot requested review from hanabi1224 and sudo-shashank and removed request for a team October 13, 2025 09:30
@dependabot dependabot bot added github_actions Pull requests that update GitHub Actions code dependencies Pull requests that update a dependency file labels Oct 13, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 13, 2025
edited
Loading

Walkthrough

Updates GitHub Actions workflows primarily by bumping actions/checkout from v4 to v5 across multiple files. Additionally, the butterflynet workflow marks the sccache setup step as continue-on-error, and the lotus-api-bump workflow removes a token-generation step.

Changes

Cohort / File(s) Summary of Changes
Checkout v4→v5 across workflows
.github/workflows/cargo-advisories.yml, .github/workflows/checkpoints.yml, .github/workflows/curio-devnet-publish.yml, .github/workflows/docker.yml, .github/workflows/dockerfile-check.yml, .github/workflows/docs-auto-update.yml, .github/workflows/docs-check.yml, .github/workflows/docs-deploy.yml, .github/workflows/docs-required-override.yml, .github/workflows/forest.yml, .github/workflows/go-lint.yml, .github/workflows/link-check.yml, .github/workflows/lotus-devnet-publish.yml, .github/workflows/release.yml, .github/workflows/release_dispatch.yml, .github/workflows/rpc-parity.yml, .github/workflows/rpc_test_repeat.yml, .github/workflows/rust-lint.yml, .github/workflows/scripts-lint.yml, .github/workflows/snapshot-parity.yml, .github/workflows/unit-tests.yml		 Replace all occurrences of uses: actions/checkout@v4 with uses: actions/checkout@v5. No other step logic changed.
Butterflynet workflow tweaks
.github/workflows/butterflynet.yml		 Bump actions/checkout v4→v5. Add continue-on-error: true to the sccache setup step.
Lotus API bump auth change
.github/workflows/lotus-api-bump.yml		 Bump actions/checkout v4→v5. Remove actions/create-github-app-token@v2 step; subsequent PR creation step remains.

Sequence Diagram(s)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • hanabi1224
  • sudo-shashank
  • LesnyRumcajs

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title “chore(deps): bump actions/checkout from 4 to 5” succinctly captures the scope and purpose of the changeset by specifying the dependency and its version update without extraneous information.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch dependabot/github_actions/actions/checkout-5
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5685be4 and 483e255.

📒 Files selected for processing (23)
  • .github/workflows/butterflynet.yml (1 hunks)
  • .github/workflows/cargo-advisories.yml (1 hunks)
  • .github/workflows/checkpoints.yml (1 hunks)
  • .github/workflows/curio-devnet-publish.yml (1 hunks)
  • .github/workflows/docker.yml (3 hunks)
  • .github/workflows/dockerfile-check.yml (1 hunks)
  • .github/workflows/docs-auto-update.yml (1 hunks)
  • .github/workflows/docs-check.yml (1 hunks)
  • .github/workflows/docs-deploy.yml (1 hunks)
  • .github/workflows/docs-required-override.yml (2 hunks)
  • .github/workflows/forest.yml (22 hunks)
  • .github/workflows/go-lint.yml (1 hunks)
  • .github/workflows/link-check.yml (1 hunks)
  • .github/workflows/lotus-api-bump.yml (1 hunks)
  • .github/workflows/lotus-devnet-publish.yml (1 hunks)
  • .github/workflows/release.yml (2 hunks)
  • .github/workflows/release_dispatch.yml (2 hunks)
  • .github/workflows/rpc-parity.yml (1 hunks)
  • .github/workflows/rpc_test_repeat.yml (1 hunks)
  • .github/workflows/rust-lint.yml (2 hunks)
  • .github/workflows/scripts-lint.yml (5 hunks)
  • .github/workflows/snapshot-parity.yml (1 hunks)
  • .github/workflows/unit-tests.yml (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: Build Ubuntu
  • GitHub Check: All lint checks
  • GitHub Check: cargo-publish-dry-run
  • GitHub Check: Build MacOS
  • GitHub Check: tests-release
  • GitHub Check: tests
  • GitHub Check: Build forest binaries on Linux AMD64
🔇 Additional comments (25)
.github/workflows/curio-devnet-publish.yml (1)

19-19: Checkout v5 bump looks good

Hosted ubuntu-24.04 runners meet the v5 runner requirement.

.github/workflows/butterflynet.yml (1)

22-22: Upgrade to checkout@v5 approved; verify runner version on arm runner

actions/checkout@v5 requires runner >= v2.327.1 and Node 24. Please confirm the ubuntu-24.04-arm runner satisfies this.

.github/workflows/go-lint.yml (1)

37-37: LGTM; confirm arm runner compatibility with checkout v5

Ensure the ubuntu-24.04-arm runner is >= v2.327.1 (required by checkout v5).

.github/workflows/rust-lint.yml (1)

48-48: Both checkout@v5 bumps look good; verify arm runner version

Please confirm ubuntu-24.04-arm runner is >= v2.327.1 for checkout v5.

Also applies to: 74-74

.github/workflows/rpc_test_repeat.yml (1)

32-32: LGTM; check runner meets v5 requirement

Confirm ubuntu-24.04-arm runner version >= v2.327.1 (checkout v5).

.github/workflows/forest.yml (1)

51-51: Consistent checkout@v5 adoption across jobs; verify non-hosted runners

  • macos-latest and ubuntu-24.04 GH-hosted runners are fine.
  • Please confirm buildjet-8vcpu-ubuntu-2204 and ubuntu-24.04-arm runners are >= v2.327.1 (required by checkout v5).
  • If any job needs submodules or full history, remember to set submodules: true and/or fetch-depth: 0 (unchanged behavior here).

Also applies to: 78-78, 101-101, 124-124, 146-146, 176-176, 202-202, 227-227, 249-249, 277-277, 299-299, 321-321, 343-343, 364-364, 385-385, 411-411, 441-441, 475-475, 521-521, 558-558, 577-577, 603-603

.github/workflows/link-check.yml (1)

33-33: OK to bump; validate arm runner version

Ensure ubuntu-24.04-arm runner is >= v2.327.1 for checkout v5.

.github/workflows/release_dispatch.yml (1)

25-25: Checkout@v5 bump approved; confirm publish runner version

Build job uses GH-hosted runners (OK). Please confirm ubuntu-24.04-arm runner used in publish job is >= v2.327.1 (checkout v5 requirement).

Also applies to: 62-62

.github/workflows/dockerfile-check.yml (1)

14-14: LGTM on checkout v5 upgrade.

.github/workflows/rpc-parity.yml (1)

19-19: LGTM on checkout v5 upgrade.

.github/workflows/unit-tests.yml (2)

44-44: LGTM on checkout v5 upgrade (tests job).

66-66: LGTM on checkout v5 upgrade (tests-release job).

.github/workflows/docs-auto-update.yml (1)

13-13: LGTM on checkout v5 upgrade.

.github/workflows/release.yml (2)

21-21: LGTM on checkout v5 upgrade (build job).

59-59: LGTM on checkout v5 upgrade (publish job).

.github/workflows/checkpoints.yml (1)

12-12: LGTM on checkout v5 upgrade.

.github/workflows/cargo-advisories.yml (1)

10-10: LGTM on checkout v5 upgrade.

.github/workflows/docs-deploy.yml (1)

31-31: Checkout v5 upgrade approved
No self-hosted runners detected; GitHub-hosted runners meet the Actions Runner ≥ v2.327.1 requirement.

.github/workflows/docs-required-override.yml (1)

35-35: Checkout upgraded to v5.

Looks consistent with repo-wide bump.

Also applies to: 49-49

.github/workflows/lotus-devnet-publish.yml (1)

19-19: Checkout v5 adoption approved.

No other flow changes.

.github/workflows/snapshot-parity.yml (1)

12-12: Checkout v5 is fine; verify BuildJet runner version.

actions/checkout@v5 needs runner >= v2.327.1. Please confirm BuildJet image satisfies this.

.github/workflows/docs-check.yml (1)

33-33: Checkout v5 change LGTM.

.github/workflows/lotus-api-bump.yml (1)

14-14: Checkout v5 upgrade approved. Also: summary inconsistency.

The PR summary says the token-generation step was removed, but it’s still present (Lines 31–37) and used by the PR step. Please ignore the summary discrepancy or adjust it.

.github/workflows/docker.yml (1)

57-57: Approve checkout action upgrade to v5
All workflows use actions/checkout@v5; no remaining @v4 references.

.github/workflows/scripts-lint.yml (1)

21-21: Approve bump to checkout v5
No behavior change expected; verified no actions/checkout@v4 references. Ensure runners ≥ v2.327.1.

Comment @coderabbitai help to get the list of available commands and usage tips.

@hanabi1224 hanabi1224 enabled auto-merge October 13, 2025 09:35
@hanabi1224 hanabi1224 added this pull request to the merge queue Oct 13, 2025
Merged via the queue into main with commit f47274f Oct 13, 2025
52 of 73 checks passed
@hanabi1224 hanabi1224 deleted the dependabot/github_actions/actions/checkout-5 branch October 13, 2025 10:13
@coderabbitai coderabbitai bot mentioned this pull request Nov 24, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hanabi1224 hanabi1224 hanabi1224 approved these changes

@sudo-shashank sudo-shashank sudo-shashank approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hanabi1224 @sudo-shashank