Skip to content

chore(deps): update actions/checkout action to v5.0.1 #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update actions/checkout action to v5.0.1 #279

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 24, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action patch v5.0.0 -> v5.0.1

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/checkout (actions/checkout)

v5.0.1

Compare Source

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Configuration

📅 Schedule: Branch creation - "before 2am every weekday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added bot Automated pull requests or issues dependencies Pull requests that update a dependency file renovate Pull requests from Renovate skip:codecov Skip Codecov reporting and check labels Nov 24, 2025
@renovate renovate bot added skip:test:long_running Skip long-running tests (≥5min) dependencies Pull requests that update a dependency file bot Automated pull requests or issues renovate Pull requests from Renovate skip:codecov Skip Codecov reporting and check labels Nov 24, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Nov 24, 2025
edited
Loading

Claude finished @renovate[bot]'s task —— View job

PR Review Complete: Update actions/checkout to v5.0.1 ✅

Summary

This PR updates actions/checkout from v5.0.0 to v5.0.1 across all 16 workflow files. The changes are consistent, safe, and recommended for merge.

Review Findings

✅ Changes Are Consistent

All 16 workflow files correctly updated:

  • Old: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
  • New: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1

Files updated:

  1. _audit.yml
  2. _build-native-only.yml
  3. _claude-code.yml
  4. _codeql.yml
  5. _docker-publish.yml
  6. _ketryx_report_and_check.yml
  7. _lint.yml
  8. _package-publish.yml (2 occurrences)
  9. _scheduled-audit.yml
  10. _scheduled-test-daily.yml
  11. _scheduled-test-hourly.yml
  12. _scheduled-test-stress.yml
  13. _test.yml
  14. build-native-only.yml
  15. ci-cd.yml
  16. labels-sync.yml

Verification: 17 total replacements (16 files, with _package-publish.yml containing 2 checkout steps).

✅ No Breaking Changes

What's in v5.0.1:

  • Single change: Backport of v6 authentication cleanup logic (PR #2301)
  • Purpose: Resolves edge case conflicts when the same repository is checked out by both v5 and v6-beta in the same job
  • Impact: Maintenance patch with improved compatibility, no API changes
  • Safety: Includes escape hatch via ACTIONS_CHECKOUT_SKIP_V6_CLEANUP environment variable

Risk Assessment: MINIMAL

  • Patch version bump (semantic versioning compliance)
  • No changes to action inputs, outputs, or behavior in standard workflows
  • Addresses uncommon edge case that doesn't affect this repository's usage patterns

✅ Security & Compliance

  • Pinned by SHA: ✅ Correctly uses commit SHA (93cb6efe...) for supply chain security
  • Version comment: ✅ Human-readable version tag (# v5.0.1) included for transparency
  • GitHub verified: ✅ Release is signed and verified by GitHub
  • Medical device compliance: ✅ No impact on Ketryx reporting or regulatory workflows

✅ CI/CD Impact Assessment

Affected workflows: All 16 workflow files use actions/checkout as first step

  • ✅ No syntax changes required
  • ✅ All workflow parameters (fetch-depth, ref, etc.) remain compatible
  • ✅ No changes to reusable workflow interfaces
  • ✅ BetterStack heartbeats unaffected
  • ✅ Scheduled tests (staging/production) will continue functioning

Testing: This PR's CI run will validate all workflows with the new version.

✅ Repository Standards Compliance

Conventional Commits:

chore(deps): update actions/checkout action to v5.0.1
  • Type: chore (correct for dependency updates)
  • Scope: deps (appropriate)
  • Message: Clear and descriptive

Documentation: N/A (no user-facing changes requiring CLAUDE.md updates)

Test Coverage: N/A (infrastructure-only change)

Recommendation

✅ APPROVE AND MERGE

This is a routine, low-risk dependency maintenance update that:

  1. ✅ Updates all workflow files consistently
  2. ✅ Contains no breaking changes
  3. ✅ Improves compatibility (v5/v6 interoperability)
  4. ✅ Maintains security best practices (SHA pinning)
  5. ✅ Follows repository standards (conventional commits)
  6. ✅ Is generated by Renovate (automated dependency management)

Merge Strategy: Standard merge (no special requirements)

Post-Merge: Monitor first CI run on main branch to confirm all workflows execute successfully with v5.0.1.

Additional Notes

Renovate Configuration: The bot correctly:

  • Identified the patch update
  • Updated all occurrences consistently
  • Maintained SHA pinning with version comments
  • Included release notes in PR description

For Reviewers: This PR can be safely auto-merged if your Renovate configuration supports it for patch-level action updates.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 24, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen Awaiting requested review from helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen is a code owner

Assignees

No one assigned

Labels

bot Automated pull requests or issues dependencies Pull requests that update a dependency file renovate Pull requests from Renovate skip:codecov Skip Codecov reporting and check skip:test:long_running Skip long-running tests (≥5min)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant