diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 18da789..8092232 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: name: Lint & Typecheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: { fetch-depth: 0 } # Node 22 first; corepack provides pnpm pinned to packageManager. @@ -100,7 +100,7 @@ jobs: DATABASE_URL: mysql://mskanban:cipass@127.0.0.1:3306/mskanban_test REDIS_URL: redis://127.0.0.1:6379 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Node 22 first — its bundled corepack reads the `packageManager` # field in package.json and downloads exactly that pnpm version # on first use. We deliberately do NOT use pnpm/action-setup @@ -173,7 +173,7 @@ jobs: # enable it so the test can create its throwaway account. FEATURE_PUBLIC_REGISTRATION: "true" steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Node 22 first — its bundled corepack reads the `packageManager` # field in package.json and downloads exactly that pnpm version # on first use. We deliberately do NOT use pnpm/action-setup @@ -223,7 +223,7 @@ jobs: DATABASE_URL: mysql://placeholder:placeholder@127.0.0.1:3306/placeholder REDIS_URL: redis://127.0.0.1:6379 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Node 22 first — its bundled corepack reads the `packageManager` # field in package.json and downloads exactly that pnpm version # on first use. We deliberately do NOT use pnpm/action-setup @@ -253,7 +253,7 @@ jobs: name: pnpm audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # Node 22 first — its bundled corepack reads the `packageManager` # field in package.json and downloads exactly that pnpm version # on first use. We deliberately do NOT use pnpm/action-setup @@ -284,7 +284,7 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'pull_request' steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: { fetch-depth: 0 } - name: Verify Signed-off-by on each commit run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b2cc7b6..b533cc1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,7 +23,7 @@ jobs: matrix: language: [javascript-typescript] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index cc52dc4..f085dbf 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -53,7 +53,7 @@ jobs: url: https://mskanban.msk-scripts.de/ steps: - name: Checkout (for the workflow code only) - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Load action key into SSH agent uses: webfactory/ssh-agent@v0.10.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3b79690..aea4442 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,7 +35,7 @@ jobs: name: Build & push container image runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: { fetch-depth: 0 } - uses: docker/setup-qemu-action@v4 @@ -141,7 +141,7 @@ jobs: name: SBOM (CycloneDX + SPDX) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: { fetch-depth: 0 } # Syft natively reads `pnpm-lock.yaml` — npm-centric tools like @@ -175,7 +175,7 @@ jobs: runs-on: ubuntu-latest needs: [docker, sbom] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: { fetch-depth: 0 } - uses: actions/download-artifact@v8 diff --git a/.github/workflows/update-sponsors.yml b/.github/workflows/update-sponsors.yml index f623270..609c253 100644 --- a/.github/workflows/update-sponsors.yml +++ b/.github/workflows/update-sponsors.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v7 # Default GITHUB_TOKEN reicht für Checkout + Push (siehe `permissions: contents: write` oben). # SPONSORS_TOKEN ist ein User-PAT und nur für die Sponsors-GraphQL-API gedacht # (read:user-Scope). Mit ihm als checkout-Token scheiterte `git fetch` mit