From 1dc09fcf2cdd50c2d00ed2075b2868c999d957b3 Mon Sep 17 00:00:00 2001 From: GitHub Automation Date: Sat, 7 Mar 2026 09:25:19 +0000 Subject: [PATCH 1/5] chore: update GitHub Actions versions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates to GitHub Actions versions: - actions/setup-node: v6.2.0 removed (v6.3.0 available) - docker/build-push-action: v6.19.2 → v7 - docker/login-action: v3.7.0 removed (v4 available) - docker/metadata-action: v5.10.0 → v6 - docker/setup-buildx-action: v3.12.0 removed (v4 available) - github/codeql-action/upload-sarif: v4.32.5 → v4.32.6 - github/stale-repos: v9.0.1 → v9.0.2 - ruby/setup-ruby: v1.289.0 → v1.290.0 All updates applied by 'gh aw update' command. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/aw/actions-lock.json | 54 ++++++++++++------------------------ 1 file changed, 17 insertions(+), 37 deletions(-) diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json index 77ec12614a1..2a6ffb6fdfa 100644 --- a/.github/aw/actions-lock.json +++ b/.github/aw/actions-lock.json @@ -60,11 +60,6 @@ "version": "v5.2.0", "sha": "be666c2fcd27ec809703dec50e508c2fdc7f6654" }, - "actions/setup-node@v6.2.0": { - "repo": "actions/setup-node", - "version": "v6.2.0", - "sha": "6044e13b5dc448c55e2357c09f80417699197238" - }, "actions/setup-node@v6.3.0": { "repo": "actions/setup-node", "version": "v6.3.0", @@ -100,30 +95,20 @@ "version": "v2.0.3", "sha": "e95548e56dfa95d4e1a28d6f422fafe75c4c26fb" }, - "docker/build-push-action@v6.19.2": { + "docker/build-push-action@v7": { "repo": "docker/build-push-action", - "version": "v6.19.2", - "sha": "10e90e3645eae34f1e60eeb005ba3a3d33f178e8" - }, - "docker/login-action@v3.7.0": { - "repo": "docker/login-action", - "version": "v3.7.0", - "sha": "c94ce9fb468520275223c153574b00df6fe4bcc9" + "version": "v7", + "sha": "d08e5c354a6adb9ed34480a06d141179aa583294" }, "docker/login-action@v4": { "repo": "docker/login-action", "version": "v4", "sha": "b45d80f862d83dbcd57f89517bcf500b2ab88fb2" }, - "docker/metadata-action@v5.10.0": { + "docker/metadata-action@v6": { "repo": "docker/metadata-action", - "version": "v5.10.0", - "sha": "c299e40c65443455700f0fdfc63efafe5b349051" - }, - "docker/setup-buildx-action@v3.12.0": { - "repo": "docker/setup-buildx-action", - "version": "v3.12.0", - "sha": "8d2750c68a42422c14e847fe6c8ac0403b4cbd6f" + "version": "v6", + "sha": "030e881283bb7a6894de51c315a6bfe6a94e05cf" }, "docker/setup-buildx-action@v4": { "repo": "docker/setup-buildx-action", @@ -135,15 +120,10 @@ "version": "v1.21.0", "sha": "3580539ceec3dc05b0ed51e9e10b08eb7a7c2bb4" }, - "github/codeql-action/upload-sarif@v4.32.5": { + "github/codeql-action/upload-sarif@v4.32.6": { "repo": "github/codeql-action/upload-sarif", - "version": "v4.32.5", - "sha": "9c6c5ab400c838ab09eec30bfeded23893cf60cc" - }, - "github/stale-repos@v9.0.1": { - "repo": "github/stale-repos", - "version": "v9.0.1", - "sha": "86c425f3b9ad6696e3f967c7f8fa5ccc1e59a7bc" + "version": "v4.32.6", + "sha": "fb0994ef1c058010acf1efccff928b0a83b1ed54" }, "github/stale-repos@v9.0.2": { "repo": "github/stale-repos", @@ -155,25 +135,25 @@ "version": "v2.10.3", "sha": "9cd1b7bf3f36d5a3c3b17abc3545bfb5481912ea" }, + "microsoft/apm-action@v1": { + "repo": "microsoft/apm-action", + "version": "v1", + "sha": "92d6dc8046ad61b340662adefd2f997bf93d2987" + }, "oven-sh/setup-bun@v2.1.3": { "repo": "oven-sh/setup-bun", "version": "v2.1.3", "sha": "ecf28ddc73e819eb6fa29df6b34ef8921c743461" }, - "ruby/setup-ruby@v1.289.0": { + "ruby/setup-ruby@v1.290.0": { "repo": "ruby/setup-ruby", - "version": "v1.289.0", - "sha": "19a43a6a2428d455dbd1b85344698725179c9d8c" + "version": "v1.290.0", + "sha": "6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c" }, "super-linter/super-linter@v8.5.0": { "repo": "super-linter/super-linter", "version": "v8.5.0", "sha": "61abc07d755095a68f4987d1c2c3d1d64408f1f9" - }, - "microsoft/apm-action@v1": { - "repo": "microsoft/apm-action", - "version": "v1", - "sha": "92d6dc8046ad61b340662adefd2f997bf93d2987" } } } From 43021c5574855a7dc4674da239129619e3a040b9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 7 Mar 2026 09:26:55 +0000 Subject: [PATCH 2/5] ci: trigger checks From d229f64aa4e8eb0ee2bcf1a2a84356c92d42ecc0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 7 Mar 2026 13:02:54 +0000 Subject: [PATCH 3/5] chore: recompile workflow lock files after actions-lock.json update Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/aw/actions-lock.json | 30 +++++++++++++++++ .../agent-performance-analyzer.lock.yml | 2 +- .../workflows/agent-persona-explorer.lock.yml | 2 +- .github/workflows/audit-workflows.lock.yml | 2 +- .github/workflows/cloclo.lock.yml | 2 +- .../workflows/daily-cli-tools-tester.lock.yml | 2 +- .../workflows/daily-firewall-report.lock.yml | 2 +- .../daily-observability-report.lock.yml | 2 +- .../daily-rendering-scripts-verifier.lock.yml | 2 +- .../daily-safe-output-optimizer.lock.yml | 2 +- .github/workflows/deep-report.lock.yml | 2 +- .github/workflows/dev-hawk.lock.yml | 2 +- .../example-workflow-analyzer.lock.yml | 2 +- .github/workflows/mcp-inspector.lock.yml | 2 +- .github/workflows/metrics-collector.lock.yml | 2 +- .github/workflows/portfolio-analyst.lock.yml | 2 +- .../prompt-clustering-analysis.lock.yml | 2 +- .github/workflows/python-data-charts.lock.yml | 2 +- .github/workflows/q.lock.yml | 2 +- .github/workflows/safe-output-health.lock.yml | 2 +- .github/workflows/security-review.lock.yml | 2 +- .github/workflows/smoke-claude.lock.yml | 2 +- .github/workflows/smoke-copilot-arm.lock.yml | 2 +- .github/workflows/smoke-copilot.lock.yml | 2 +- .../workflows/static-analysis-report.lock.yml | 2 +- .../workflows/workflow-normalizer.lock.yml | 2 +- pkg/workflow/data/action_pins.json | 32 ++++++++++++------- 27 files changed, 76 insertions(+), 36 deletions(-) diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json index 2a6ffb6fdfa..4a46f526253 100644 --- a/.github/aw/actions-lock.json +++ b/.github/aw/actions-lock.json @@ -60,6 +60,11 @@ "version": "v5.2.0", "sha": "be666c2fcd27ec809703dec50e508c2fdc7f6654" }, + "actions/setup-node@v6.2.0": { + "repo": "actions/setup-node", + "version": "v6.2.0", + "sha": "6044e13b5dc448c55e2357c09f80417699197238" + }, "actions/setup-node@v6.3.0": { "repo": "actions/setup-node", "version": "v6.3.0", @@ -95,21 +100,41 @@ "version": "v2.0.3", "sha": "e95548e56dfa95d4e1a28d6f422fafe75c4c26fb" }, + "docker/build-push-action@v6.19.2": { + "repo": "docker/build-push-action", + "version": "v6.19.2", + "sha": "10e90e3645eae34f1e60eeb005ba3a3d33f178e8" + }, "docker/build-push-action@v7": { "repo": "docker/build-push-action", "version": "v7", "sha": "d08e5c354a6adb9ed34480a06d141179aa583294" }, + "docker/login-action@v3.7.0": { + "repo": "docker/login-action", + "version": "v3.7.0", + "sha": "c94ce9fb468520275223c153574b00df6fe4bcc9" + }, "docker/login-action@v4": { "repo": "docker/login-action", "version": "v4", "sha": "b45d80f862d83dbcd57f89517bcf500b2ab88fb2" }, + "docker/metadata-action@v5.10.0": { + "repo": "docker/metadata-action", + "version": "v5.10.0", + "sha": "c299e40c65443455700f0fdfc63efafe5b349051" + }, "docker/metadata-action@v6": { "repo": "docker/metadata-action", "version": "v6", "sha": "030e881283bb7a6894de51c315a6bfe6a94e05cf" }, + "docker/setup-buildx-action@v3.12.0": { + "repo": "docker/setup-buildx-action", + "version": "v3.12.0", + "sha": "8d2750c68a42422c14e847fe6c8ac0403b4cbd6f" + }, "docker/setup-buildx-action@v4": { "repo": "docker/setup-buildx-action", "version": "v4", @@ -125,6 +150,11 @@ "version": "v4.32.6", "sha": "fb0994ef1c058010acf1efccff928b0a83b1ed54" }, + "github/stale-repos@v9.0.1": { + "repo": "github/stale-repos", + "version": "v9.0.1", + "sha": "86c425f3b9ad6696e3f967c7f8fa5ccc1e59a7bc" + }, "github/stale-repos@v9.0.2": { "repo": "github/stale-repos", "version": "v9.0.2", diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index a9d026f89e0..3180f2ffc7e 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -314,7 +314,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 60b29a4f172..e9aa8f7ee2e 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -313,7 +313,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 829dd403140..71e51b5310f 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -331,7 +331,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 8db836ac97a..84727e7a2c6 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -418,7 +418,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index ec42fce5a3b..fe3e1b89655 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -296,7 +296,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index e175bfdd341..fe03e8eea36 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -316,7 +316,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index f48f36c4aee..b4123afeb76 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -308,7 +308,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index 071ca69f7a8..8518a017b69 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -317,7 +317,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index ddb4b8c196c..58d15efb240 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -317,7 +317,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index e95da0b37e7..8b85f6cf05a 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -332,7 +332,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 8eff28fae30..01b5b67f70f 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -325,7 +325,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 0ec291feba3..d6f12a567e5 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -300,7 +300,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 00d97a5f97a..7650ce40c05 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -368,7 +368,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 24a9a6579d4..69e148230c3 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -295,7 +295,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index f22efc2e702..5d59410ac14 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -319,7 +319,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index ba59d9ef496..25ae3a660da 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -322,7 +322,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 1318ff7c403..bf04daf8aa1 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -315,7 +315,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index b6dc61646d2..d60058ea866 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -403,7 +403,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index edb5bca0831..334f96bf79b 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -312,7 +312,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 59eb70a141e..ea9b720bde5 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -355,7 +355,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index cf7dbb45925..3b7169c5f13 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -708,7 +708,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index 744ed2a8cac..2f200f84c94 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -374,7 +374,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 4d478fc006d..769ab8e6b93 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -377,7 +377,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 9a02482c22a..8231c68c839 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -308,7 +308,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 964704dd2a9..d38a9a6696c 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -302,7 +302,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 diff --git a/pkg/workflow/data/action_pins.json b/pkg/workflow/data/action_pins.json index 77ec12614a1..4a46f526253 100644 --- a/pkg/workflow/data/action_pins.json +++ b/pkg/workflow/data/action_pins.json @@ -105,6 +105,11 @@ "version": "v6.19.2", "sha": "10e90e3645eae34f1e60eeb005ba3a3d33f178e8" }, + "docker/build-push-action@v7": { + "repo": "docker/build-push-action", + "version": "v7", + "sha": "d08e5c354a6adb9ed34480a06d141179aa583294" + }, "docker/login-action@v3.7.0": { "repo": "docker/login-action", "version": "v3.7.0", @@ -120,6 +125,11 @@ "version": "v5.10.0", "sha": "c299e40c65443455700f0fdfc63efafe5b349051" }, + "docker/metadata-action@v6": { + "repo": "docker/metadata-action", + "version": "v6", + "sha": "030e881283bb7a6894de51c315a6bfe6a94e05cf" + }, "docker/setup-buildx-action@v3.12.0": { "repo": "docker/setup-buildx-action", "version": "v3.12.0", @@ -135,10 +145,10 @@ "version": "v1.21.0", "sha": "3580539ceec3dc05b0ed51e9e10b08eb7a7c2bb4" }, - "github/codeql-action/upload-sarif@v4.32.5": { + "github/codeql-action/upload-sarif@v4.32.6": { "repo": "github/codeql-action/upload-sarif", - "version": "v4.32.5", - "sha": "9c6c5ab400c838ab09eec30bfeded23893cf60cc" + "version": "v4.32.6", + "sha": "fb0994ef1c058010acf1efccff928b0a83b1ed54" }, "github/stale-repos@v9.0.1": { "repo": "github/stale-repos", @@ -155,25 +165,25 @@ "version": "v2.10.3", "sha": "9cd1b7bf3f36d5a3c3b17abc3545bfb5481912ea" }, + "microsoft/apm-action@v1": { + "repo": "microsoft/apm-action", + "version": "v1", + "sha": "92d6dc8046ad61b340662adefd2f997bf93d2987" + }, "oven-sh/setup-bun@v2.1.3": { "repo": "oven-sh/setup-bun", "version": "v2.1.3", "sha": "ecf28ddc73e819eb6fa29df6b34ef8921c743461" }, - "ruby/setup-ruby@v1.289.0": { + "ruby/setup-ruby@v1.290.0": { "repo": "ruby/setup-ruby", - "version": "v1.289.0", - "sha": "19a43a6a2428d455dbd1b85344698725179c9d8c" + "version": "v1.290.0", + "sha": "6ca151fd1bfcfd6fe0c4eb6837eb0584d0134a0c" }, "super-linter/super-linter@v8.5.0": { "repo": "super-linter/super-linter", "version": "v8.5.0", "sha": "61abc07d755095a68f4987d1c2c3d1d64408f1f9" - }, - "microsoft/apm-action@v1": { - "repo": "microsoft/apm-action", - "version": "v1", - "sha": "92d6dc8046ad61b340662adefd2f997bf93d2987" } } } From 7b3ae38c4f876b406f00612fdbefe7c07afd128a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 7 Mar 2026 13:17:27 +0000 Subject: [PATCH 4/5] test: update wasm golden test for docker/build-push-action v7 SHA Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .../TestWasmGolden_CompileFixtures/smoke-copilot.golden | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden index 662ad7bb38d..2f4b391c4c8 100644 --- a/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden +++ b/pkg/workflow/testdata/wasm_golden/TestWasmGolden_CompileFixtures/smoke-copilot.golden @@ -336,7 +336,7 @@ jobs: - name: Setup Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build gh-aw Docker image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . platforms: linux/amd64 From 085e777f273582a4412b5bc3d98bc12494b01fd5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 7 Mar 2026 13:28:47 +0000 Subject: [PATCH 5/5] test: update expected action pin count from 35 to 37 after actions update Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/action_pins_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/workflow/action_pins_test.go b/pkg/workflow/action_pins_test.go index 07186fac0cc..1b7479a0ce2 100644 --- a/pkg/workflow/action_pins_test.go +++ b/pkg/workflow/action_pins_test.go @@ -297,9 +297,9 @@ func TestApplyActionPinToStep(t *testing.T) { func TestGetActionPinsSorting(t *testing.T) { pins := getActionPins() - // Verify we got all the pins (35 as of March 2026) - if len(pins) != 35 { - t.Errorf("getActionPins() returned %d pins, expected 35", len(pins)) + // Verify we got all the pins (37 as of March 2026) + if len(pins) != 37 { + t.Errorf("getActionPins() returned %d pins, expected 37", len(pins)) } // Verify they are sorted by version (descending) then by repository name (ascending)