Skip to content

Bump actions/checkout from 5.0.1 to 6.0.0#1005

Merged
jeffhandley merged 2 commits intomainfrom
dependabot/github_actions/actions/checkout-6.0.0
Dec 9, 2025
Merged

Bump actions/checkout from 5.0.1 to 6.0.0#1005
jeffhandley merged 2 commits intomainfrom
dependabot/github_actions/actions/checkout-6.0.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 21, 2025
edited
Loading

Bumps actions/checkout from 5.0.1 to 6.0.0.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 21, 2025

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot
Bump actions/checkout from 5.0.1 to 6.0.0
b40be9b 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v5.0.1...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions/checkout-6.0.0 branch from 88aa76b to b40be9b Compare December 1, 2025 22:19
@jeffhandley jeffhandley self-assigned this Dec 5, 2025
@jeffhandley jeffhandley requested a review from Copilot December 5, 2025 20:13
@jeffhandley
Copy link
Collaborator

jeffhandley commented Dec 5, 2025

@copilot Are there any breaking changes in actions/checkout from 5.0.1 to 6.0.0 that we need to make compensating changes for? We have had previous dependabot bumps to actions that broke our build in subtle ways.

Copy link
Contributor

Copilot AI commented Dec 5, 2025

@jeffhandley I've opened a new pull request, #1065, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Dec 5, 2025
Closed
Copilot AI reviewed Dec 5, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR bumps the actions/checkout GitHub Action from version 5.0.1 to 6.0.0 across all workflow files. The update includes important changes such as persisting credentials to a separate file under $RUNNER_TEMP and requires Actions Runner v2.329.0+ for Docker container scenarios.

Key Changes:

  • Updated all actions/checkout references to v6.0.0 (commit hash: 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3)
  • Maintained existing configuration parameters (e.g., fetch-depth: 0 where used)
  • One workflow uses inconsistent version reference format (version tag instead of commit hash)

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
.github/workflows/release.yml Updated 5 instances of actions/checkout to v6.0.0 across build, package, and publish jobs
.github/workflows/markdown-link-check.yml Updated checkout action to v6.0.0 for markdown link validation
.github/workflows/docs.yml Updated checkout action to v6.0.0 for documentation publishing
.github/workflows/copilot-setup-steps.yml Updated checkout action to v6.0.0, but uses version tag format instead of commit hash
.github/workflows/ci-code-coverage.yml Updated checkout action to v6.0.0 for code coverage workflow
.github/workflows/ci-build-test.yml Updated checkout action to v6.0.0 for CI build and test workflow

@jeffhandley
Use pinned SHA for action reference
c459926 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 8, 2025

A newer version of actions/checkout exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@jeffhandley jeffhandley merged commit 66ba342 into main Dec 9, 2025
10 checks passed
@jeffhandley jeffhandley deleted the dependabot/github_actions/actions/checkout-6.0.0 branch December 9, 2025 06:34
halter73 pushed a commit that referenced this pull request Dec 10, 2025
@dependabot @jeffhandley
@halter73
Bump actions/checkout from 5.0.1 to 6.0.0 (#1005)
48a9f17 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jeff Handley <jeffhandley@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jeffhandley jeffhandley jeffhandley approved these changes

Assignees

@jeffhandley jeffhandley

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jeffhandley