chore: bump actions/checkout to v7 + add dependabot version updates #14

Merged
felickz merged 2 commits into main from copilot/bump-actions-checkout-add-dependabot on Jun 22, 2026

Copilot AI commented Jun 22, 2026

This PR updates all SHA-pinned actions/checkout references in CI from v4.2.2 to v7 and introduces Dependabot grouped version updates for every detected ecosystem in this repo. The checkout bump is explicit because SHA-pinned older refs do not inherit the July 16 safer pull_request_target backport.

  • CI checkout pin refresh

    • Replaced all 3 actions/checkout pins in .github/workflows/ci.yml with 9c091bb... (v7.0.0).
  • Dependabot grouped updates with cooldown

    • Added .github/dependabot.yml.
    • Configured grouped updates for:
      • github-actions
      • pip
    • Set cooldown.default-days: 7 for both ecosystems.

# .github/workflows/ci.yml
- name: Checkout code
  uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
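
An added example (not part of this PR or the repository's code): a small Python check for the situation the description raises, where a SHA-pinned actions/checkout stays on an old release until someone bumps the pin. The function name `audit_pins`, the configurable v7 floor, the policy of flagging non-SHA refs, and the sample workflow are assumptions made for illustration.

```python
import re

# Matches `uses: owner/repo@ref  # optional comment` on one workflow line.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[^@\s'\"]+)@(?P<ref>[^\s'\"#]+)['\"]?"
    r"(?:\s*#\s*(?P<comment>.*))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_RE = re.compile(r"\bv(\d+)")


def audit_pins(workflow_text, action="actions/checkout", min_major=7):
    """Return (line_no, ref, problem) for each `uses:` of `action` needing attention."""
    # Caveat: the release is read from the trailing `# vX.Y.Z` comment; this does
    # not verify that the SHA really is the commit behind that tag.
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m or m.group("action") != action:
            continue
        ref, comment = m.group("ref"), m.group("comment") or ""
        if not SHA_RE.match(ref):
            findings.append((line_no, ref, "mutable ref, not SHA-pinned"))
            continue
        version = VERSION_RE.search(comment)
        if version is None:
            findings.append((line_no, ref, "SHA pin has no version comment"))
        elif int(version.group(1)) < min_major:
            major = version.group(1)
            findings.append((line_no, ref, f"SHA pin is v{major}, below v{min_major}"))
    return findings


# Constructed sample workflow. The all-"a" SHA is a placeholder, not a real commit;
# the v7.0.0 SHA is the one quoted in the PR description.
SAMPLE = """\
jobs:
  test:
    steps:
      - name: Checkout code
        uses: actions/checkout@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # v4.2.2
      - uses: actions/checkout@v7
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      - uses: actions/setup-python@v5
"""

if __name__ == "__main__":
    for line_no, ref, problem in audit_pins(SAMPLE):
        print(f"line {line_no}: {ref[:12]} {problem}")
```

Run against `.github/workflows/*.yml` in CI, a non-empty result can fail the job so that stale pins surface even between Dependabot runs.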

Copilot AI left a comment

Pull request overview

This PR refreshes GitHub Actions usage by updating the pinned actions/checkout SHA in the CI workflow and adds a new Dependabot configuration to automate grouped dependency updates on a weekly cadence with a cooldown period.

Changes:

  • Bumped all actions/checkout pins in .github/workflows/ci.yml to the v7.0.0 commit SHA.
  • Added .github/dependabot.yml to enable grouped Dependabot version updates for GitHub Actions and Python dependencies, with a 7-day cooldown.

| File | Description |
| --- | --- |
| .github/workflows/ci.yml | Updates the SHA-pinned actions/checkout used across CI jobs. |
| .github/dependabot.yml | Introduces grouped Dependabot version updates with a 7-day cooldown for configured ecosystems. |

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 1

Comment thread .github/dependabot.yml Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

felickz left a comment

:octocat: 👍

felickz merged commit 0a7c5ad into main on Jun 22, 2026
8 checks passed