Skip to content

[actions] Update GitHub Actions versions - 2026-03-21#22120

Merged
pelikhan merged 4 commits intomainfrom
copilot/update-github-actions-versions
Mar 21, 2026
Merged

[actions] Update GitHub Actions versions - 2026-03-21#22120
pelikhan merged 4 commits intomainfrom
copilot/update-github-actions-versions

Conversation

Copy link
Contributor

Copilot AI commented Mar 21, 2026
edited by github-actions bot
Loading

Applies the Daily Workflow Updater patch to bump 20 action versions in actions-lock.json and workflow source files, then recompiles all 176 lock files.

Actions updated

Action Before After
actions/ai-inference v2.0.7 v2.0.8
actions/cache (+ restore/save) v5.0.3 v5.0.4
actions/create-github-app-token v3.0.0-beta.4 v3
actions/upload-artifact v7.0.0 v7
anchore/sbom-action v0.23.1 v0.24.0
astral-sh/setup-uv v7.5.0 v7.6
denoland/setup-deno v2.0.3 v2.0.4
docker/{build-push,login,metadata,setup-buildx}-action v*.0.0 v*
erlef/setup-beam v1.22.0 v1.23
github/codeql-action/upload-sarif v4.32.6 v4.34.1
github/gh-aw-actions/setup v0 v0.62.5
github/stale-repos v9.0.2 v9.0.4
oven-sh/setup-bun v2.1.3 v2.2.0
ruby/setup-ruby v1.292.0 v1.295.0
actions-ecosystem/action-add-labels v1 v1.1.3

Cleanup

  • Removed stale major-version alias entries (v4, v5.0.3, v4 for cache/restore, etc.) from the lock file

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh gh run download 23376628599 -n agent-artifacts -D /tmp/agent-artifacts-23376628599 (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw T8y5ETFseEua (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name k/gh-aw/gh-aw/pk-p k/gh-aw/gh-aw/pkgithub.com/github/gh-aw/pkg/console 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolc/tmp/go-build1065201453/b204/vet.cfg -o /tmp/go-build254-c=4 -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --write **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti-json sh -c "prettier" --wriGOINSECURE ache/go/1.25.0/xGOMOD 64/bin/go 5201453/b450/_pknode test@example.com/home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/.bin/prettier 5201453/b450=> go (http block)
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name prettier --write 64/bin/go --ignore-path .prettierignore --log-level=erronpx prettier --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json sh -c "prettier" --wriGOSUMDB git (http block)
  • https://api.github.com/repos/actions-ecosystem/action-add-labels/contents/action.yaml
    • Triggering command: /usr/bin/gh gh api /repos/actions-ecosystem/action-add-labels/contents/action.yaml?ref=c96b68fec76a0987cd93957189e9abd0b9a72ff1 --jq .content (http block)
  • https://api.github.com/repos/actions-ecosystem/action-add-labels/contents/action.yml
    • Triggering command: /usr/bin/gh gh api /repos/actions-ecosystem/action-add-labels/contents/action.yml?ref=c96b68fec76a0987cd93957189e9abd0b9a72ff1 --jq .content (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha --show-toplevel go /usr/bin/git re GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git ub/workflows GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha user.name Test User ache/node/24.14.0/x64/bin/node -json GO111MODULE 64/bin/go ache/node/24.14.0/x64/bin/node 5442�� uts.tag go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha 5201453/b436/_pkg_.a k/gh-aw/gh-aw/pkg/constants/constants_test.go 0/x64/bin/node -json GO111MODULE 64/bin/go 0/x64/bin/node -o ons-test2019599260 -trimpath /usr/bin/git l main -lang=go1.25 git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha runs/20260321-111348-42011/test-446349911/.github/workflows GOPROXY /snap/bin/sh l GOWORK 64/bin/go sh -c "prettier" --check 'scripts/**/*.js' --ignore-path .prettierignore sh /usr/bin/git tierignore git 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha --check **/*.cjs /usr/bin/git **/*.json --ignore-path ../../../.pretti--show-toplevel git rev-�� --show-toplevel node /usr/bin/git --write **/*.cjs 64/bin/go git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg stants.test GOINSECURE GOMOD GOMODCACHE stants.test (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha ty-test.md GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env on' --ignore-path ../../../.pret-- GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha /tmp/gh-aw-test-runs/20260321-111348-42011/test-1897549909 status /usr/bin/git .github/workflowgit GO111MODULE 64/bin/go git rev-�� --git-dir go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/agent-performance-analyzer.md go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel go /usr/bin/git .js' --ignore-pagit GO111MODULE 0/x64/bin/node git rev-�� --show-toplevel go /usr/bin/git vaScript36799095git GO111MODULE cal/bin/sh git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha "prettier" --che-errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolc-buildtags -o /tmp/go-build254-errorsas -trimpath 64/bin/go -d github.com/githu-atomic -lang=go1.25 go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --check scripts/**/*.js 64/bin/go .prettierignore (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha -e -f 64/bin/go -- unsafe 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/agent-persona-explorer.md s/test.md /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --get remote.origin.url /usr/bin/git h ../../../.pretgit GO111MODULE 64/bin/go git rev-�� --show-toplevel go ache/node/24.14.0/x64/bin/node -json GO111MODULE 64/bin/go ache/node/24.14.0/x64/bin/node (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha runs/20260321-111348-42011/test-1897549909 -test.v=true /usr/bin/git s/test.md -test.run=^Test -test.short=true--show-toplevel git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha add origin 0/x64/bin/node h ../../../.pretgit GO111MODULE 64/bin/go 0/x64/bin/node bran�� --show-current go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha 5201453/b430/_pkg_.a /tmp/go-build1065201453/b005/vet.cfg 0/x64/bin/node GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet t-ha�� ithub/workflows/ai-moderator.md /tmp/go-build1065201453/b207/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/link 4842550/b404/_pkgit GO111MODULE 64/bin/go ache/go/1.25.0/x64/pkg/tool/linux_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE cfg GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/node/24.14.0/x64/bin/node GOINSECURE GOMOD GOMODCACHE sh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha -json GO111MODULE /home/REDACTED/work/node_modules/.bin/node GOINSECURE GOMOD GOMODCACHE node /opt�� runs/20260321-111658-54754/test-3887251091 --check /opt/hostedtoolcache/go/1.25.0/x64/bin/go l **/*.json --ignore-path go (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0 --jq .object.sha (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -unreachable=false /tmp/go-build1065201453/b056/vet.cfg 5201453/b369/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� k/gh-aw/gh-aw/.github/workflows /tmp/go-build1065201453/b224/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet 4842550/b428/_pkgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha runs/20260321-111658-54754/test-475355651/.github/workflows GO111MODULE /home/REDACTED/work/gh-aw/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE sh -c "prettier" --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore GOPROXY /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/asm GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/x1 (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha 1246-30499/test-3399281165 /tmp/go-build1065201453/b051/vet.cfg 5201453/b362/vet.cfg GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build1065201453/b223/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet 4842550/b436/_pkgit GO111MODULE 64/bin/go /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu--json (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE /opt/hostedtoolcache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env ithub-script/git/ref/tags/v8 GO111MODULE 854023/b418/vet.cfg GOINSECURE GOMOD GOMODCACHE sh (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha m0s GO111MODULE ache/node/24.14.0/x64/bin/node GOINSECURE GOMOD GOMODCACHE sh t-18�� bility_SameInputSameOutput12538444/001/stability-test.md GOPROXY /usr/bin/git GOSUMDB GOWORK 64/bin/go git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link env -json GO111MODULE 0/x64/bin/node GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE x86_64/node GOINSECURE GOMOD GOMODCACHE go 8d51�� -json GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE kR/yyjxJESSHc3089fRgrZr/aHz0DOVU-importcfg (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env .js' --ignore-path .prettierignore GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE piler}} GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env .js' --ignore-path .prettierignore GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env audit-workflows.md GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE n-dir/node GOINSECURE GOMOD GOMODCACHE go 8d51�� -json GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/bin/node GOINSECURE GOMOD GOMODCACHE go 8d51�� -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet estl�� -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 8d51�� -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link env g_.a GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE HC/wPHmRHH07drGotDxh6_4/9rUbv3kNVNgnGPLEQds7 (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go 8d51�� ai-moderator.md GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path che/go-build/bf/GOSUMDB GOPROXY 64/bin/go iles use Prettie/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet GOWORK 64/bin/go /opt/hostedtoolc/tmp/go-build1065201453/b213/vet.cfg -o /tmp/go-build2544842550/b413/_pkGOINSECURE -trimpath 64/bin/go -p github.com/githu-atomic -lang=go1.25 go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 **/*.cjs 64/bin/go go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/link estl�� aw.test GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json .cfg At,event,headBranch,headSha,displayTitle GOINSECURE GOMOD GOMODCACHE P5/IKo0RnU6mvci67yPKw6j/HSDucSmurev-parse env -json GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha ath ../../../.pr**/*.json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env re GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE node GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha ath ../../../.pr**/*.json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go er -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env re GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go /pre�� -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go er -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env y_with_explicit_repo302171050/001 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha ath ../../../.pr**/*.json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env re GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE ache/go/1.25.0/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go --ignore-path ../../../.pretti-unsafeptr=false 64/bin/go /opt/hostedtoolc/tmp/go-build1065201453/b218/vet.cfg -o /tmp/go-build2544842550/b415/_pkGOINSECURE -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go **/*.json --ignore-path ../../../.pretti-unreachable=false /opt/hostedtoolc/tmp/go-build1065201453/b223/vet.cfg -o /tmp/go-build2544842550/b436/_pkGOINSECURE -trimpath 64/bin/go -p github.com/githu-atomic -lang=go1.25 go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go --ignore-path .prettierignore --log-level=erro-json sh -c "prettier" --wriGOINSECURE git 64/bin/go master go /usr/bin/git go (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build1065201453/b400/cli.test /tmp/go-build1065201453/b400/cli.test -test.testlogfile=/tmp/go-build1065201453/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true **/*.ts **/*.json --ignore-path node /hom�� --check scripts/**/*.js 64/bin/go .prettierignore (http block)
    • Triggering command: /tmp/go-build552854023/b400/cli.test /tmp/go-build552854023/b400/cli.test -test.testlogfile=/tmp/go-build552854023/b400/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true --show-toplevel go /usr/bin/git node /opt�� prettier --write 64/bin/go !../../../pkg/wosh --ignore-path ../../../.pretti"prettier" --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.prettierignore go (http block)
    • Triggering command: /tmp/go-build1006034293/b001/cli.test /tmp/go-build1006034293/b001/cli.test -test.paniconexit0 -test.timeout=10m0s -test.count=1 -c "prettier" --wriGOINSECURE git 64/bin/go --show-toplevel erignore /usr/bin/git node /opt�� prettier --write 64/bin/go !../../../pkg/wonode --ignore-path ../../../.pretti--check go (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name tions-lock.json -errorsas GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolc-buildtags -V=f�� r: $owner, name:-errorsas sh 64/bin/go "prettier" --wri/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --write **/*.cjs 64/bin/go **/*.json --ignore-path ../../../.pretti-json sh -c "prettier" --wriGOINSECURE e/git-remote-httGOMOD 64/bin/go om/owner/repo.ginode go run-script/lib/n--check go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name prettier --write 64/bin/go --ignore-path .prettierignore --log-level=erronpx prettier --check '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pr**/*.json sh -c "prettier" --wriGOSUMDB git 64/bin/go --show-toplevel go /usr/bin/git go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

⌨️ Start Copilot coding agent tasks without leaving your editor — available in VS Code, Visual Studio, JetBrains IDEs and Eclipse.

✨ PR Review Safe Output Test - Run 23382583484

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

💥 [THE END] — Illustrated by Smoke Claude ·

Copilot AI linked an issue Mar 21, 2026 that may be closed by this pull request
[actions] Update GitHub Actions versions - 2026-03-21 #22117
Closed
github-actions bot and others added 2 commits March 21, 2026 11:10
@github-actions
chore: update GitHub Actions versions - 2026-03-21
f27739f 
Updated actions-lock.json and workflow references to latest compatible versions.

- actions-ecosystem/action-add-labels: v1 → v1.1.3
- actions/ai-inference: v2.0.7 → v2.0.8
- actions/cache, cache/restore, cache/save: v5.0.3 → v5.0.4
- actions/create-github-app-token: v3.0.0-beta.4 → v3
- actions/upload-artifact: v7.0.0 → v7
- anchore/sbom-action: v0.23.1 → v0.24.0
- astral-sh/setup-uv: v7.5.0 → v7.6
- denoland/setup-deno: v2.0.3 → v2.0.4
- docker/build-push-action: v7.0.0 → v7
- docker/login-action: v4.0.0 → v4
- docker/metadata-action: v6.0.0 → v6
- docker/setup-buildx-action: v4.0.0 → v4
- erlef/setup-beam: v1.22.0 → v1.23
- github/codeql-action/upload-sarif: v4.32.6 → v4.34.1
- github/gh-aw-actions/setup: v0 → v0.62.5
- github/stale-repos: v9.0.2 → v9.0.4
- oven-sh/setup-bun: v2.1.3 → v2.2.0
- ruby/setup-ruby: v1.292.0 → v1.295.0

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@pelikhan
chore: recompile workflow lock files after actions version updates
bbfad4f 
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/b66234a1-8d2c-4bd2-8f2b-008355feb047
Copilot AI changed the title [WIP] Update GitHub Actions versions to latest compatible releases [actions] Update GitHub Actions versions - 2026-03-21 Mar 21, 2026
Copilot AI requested a review from pelikhan March 21, 2026 11:23
This was referenced Mar 21, 2026
Open
Closed
Closed
@pelikhan pelikhan marked this pull request as ready for review March 21, 2026 15:16
Copilot AI review requested due to automatic review settings March 21, 2026 15:16
@pelikhan pelikhan added the smoke label Mar 21, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026
edited
Loading

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

@github-actions github-actions bot removed the smoke label Mar 21, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026
edited
Loading

🎬 THE ENDSmoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026
edited
Loading

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

Copilot AI reviewed Mar 21, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates GitHub Actions references across workflow source files and their generated lock workflows, aligning the repository with newer action versions and refreshed lock metadata.

Changes:

  • Bumps multiple GitHub Actions version references in workflow source files (e.g., upload-artifact, cache, docker/*, stale-repos, setup-node).
  • Regenerates corresponding *.lock.yml workflows to reflect updated action pins/comments and metadata hashes.
  • Updates select workflow steps to newer action versions (e.g., actions/cache v5.0.4, anchore/sbom-action v0.24.0).

Reviewed changes

Copilot reviewed 188 out of 188 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.github/workflows/workflow-skill-extractor.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/workflow-normalizer.lock.yml Updates actions/upload-artifact and docker action references to v7/v4.
.github/workflows/workflow-health-manager.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/workflow-generator.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/weekly-safe-outputs-spec-review.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/weekly-editors-health-check.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/video-analyzer.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/update-astro.md Updates actions/setup-node to v6.3.0.
.github/workflows/update-astro.lock.yml Updates metadata hash; updates actions/upload-artifact to v7 and actions/setup-node comment to v6.3.0.
.github/workflows/ubuntu-image-analyzer.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/typist.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/tidy.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/test-workflow.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/test-project-url-default.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/test-dispatcher.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/terminal-stylist.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/super-linter.md Updates actions/upload-artifact to v7.
.github/workflows/sub-issue-closer.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/step-name-alignment.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/stale-repo-identifier.md Updates github/stale-repos to v9.0.4.
.github/workflows/smoke-workflow-call.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-workflow-call-with-inputs.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-test-tools.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-temporary-id.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-project.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-multi-pr.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-create-cross-repo-pr.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-codex.md Updates actions-ecosystem/action-add-labels to v1.1.3.
.github/workflows/smoke-call-workflow.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-agent-scoped-approved.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-agent-public-none.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-agent-public-approved.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-agent-all-none.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/smoke-agent-all-merged.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/shared/trending-charts-simple.md Updates actions/upload-artifact to v7 for chart/source uploads.
.github/workflows/shared/python-dataviz.md Updates actions/upload-artifact to v7 for chart/source uploads.
.github/workflows/shared/ollama-threat-scan.md Updates actions/upload-artifact to v7 for scan results.
.github/workflows/shared/mcp/qmd-docs.md Updates actions/cache/restore to v5.0.4.
.github/workflows/sergo.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/semantic-function-refactor.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/security-compliance.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/schema-feature-coverage.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/schema-consistency-checker.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/research.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/repo-tree-map.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/release.md Updates docker actions to v4/v6/v7, anchore/sbom-action to v0.24.0, and actions/upload-artifact to v7.
.github/workflows/refiner.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/pr-triage-agent.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/plan.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/pdf-summary.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/notion-issue-summary.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/metrics-collector.lock.yml Updates docker actions to v4/v7 and actions/upload-artifact to v7.
.github/workflows/mergefest.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/layout-spec-maintainer.lock.yml Updates actions/cache to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/jsweep.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/issue-triage-agent.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/issue-monster.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/issue-arborist.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/hourly-ci-cleaner.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/grumpy-reviewer.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/gpclean.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/go-pattern-detector.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/go-logger.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/go-fan.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/github-remote-mcp-auth-test.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/functional-pragmatist.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/firewall.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/example-workflow-analyzer.lock.yml Updates docker actions to v4/v7 and actions/upload-artifact to v7.
.github/workflows/example-permissions-warning.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/duplicate-code-detector.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/draft-pr-cleanup.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/docs-noob-tester.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/discussion-task-miner.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/dictation-prompt.lock.yml Updates metadata hash; updates cache restore to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/dev.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/dev-hawk.lock.yml Updates docker actions to v4/v7 and actions/upload-artifact to v7.
.github/workflows/dependabot-go-checker.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/dependabot-burner.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/delight.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-workflow-updater.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-testify-uber-super-expert.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-team-status.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-team-evolution-insights.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-syntax-error-quality.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-semgrep-scan.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-security-red-team.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-secrets-analysis.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-safe-outputs-conformance.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-safe-output-integrator.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-regulatory.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-observability-report.lock.yml Updates docker actions to v4/v7 and actions/upload-artifact to v7.
.github/workflows/daily-multi-device-docs-tester.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-malicious-code-scan.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-file-diet.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-cli-tools-tester.lock.yml Updates docker actions to v4/v7 and actions/upload-artifact to v7.
.github/workflows/daily-cli-performance.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-choice-test.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/daily-assign-issue-to-user.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/craft.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/copilot-pr-merged-report.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/copilot-cli-deep-research.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/contribution-check.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/commit-changes-analyzer.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/codex-github-remote-mcp-test.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/code-simplifier.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/cli-consistency-checker.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/ci-doctor.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/ci-coach.lock.yml Updates cache action pins to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/changeset.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/breaking-change-checker.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/brave.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/bot-detection.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/blog-auditor.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/auto-triage-issues.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/artifacts-summary.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/archie.lock.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/ai-moderator.lock.yml Updates actions/cache to v5.0.4 and actions/upload-artifact to v7.
.github/workflows/agentics-maintenance.yml Updates actions/upload-artifact reference comment/pin to v7.
.github/workflows/agent-performance-analyzer.lock.yml Updates docker actions to v4/v7 and actions/upload-artifact to v7.
.github/workflows/ace-editor.lock.yml Updates actions/upload-artifact reference comment/pin to v7.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026

Agent Container Tool Check

Tool Status Version
bash 5.2.21
sh available
git 2.53.0
jq 1.7
yq 4.52.4
curl 8.5.0
gh 2.87.3
node 20.20.1
python3 3.12.3
go 1.24.13
java 21.0.10 (Temurin)
dotnet 10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test ·

@pelikhan
Copy link
Contributor

pelikhan commented Mar 21, 2026

@copilot fix https://github.com/github/gh-aw/actions/runs/23378541676/job/68024267438#step:9:1

@github-actions github-actions bot mentioned this pull request Mar 21, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026

Smoke Test Results for run #23382583522

Test Status
GitHub MCP
MCP Scripts GH CLI
Serena MCP
Playwright
Web Fetch
File Writing
Bash Tool
Discussion Interaction
Build gh-aw
Discussion Creation
Workflow Dispatch
PR Review

Overall: PASS (11/12 — Serena tools unavailable)

@pelikhan (assignee) — PR author: copilot-swe-agent[bot]

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

📰 BREAKING: Report filed by Smoke Copilot ·

github-actions[bot]
github-actions bot reviewed Mar 21, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Smoke test review of PR #22120: Updates GitHub Actions version comments from v7.0.0 to v7 across lock files. SHAs are pinned so changes are safe and non-breaking.

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

  • pr:#22120 (pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)

📰 BREAKING: Report filed by Smoke Copilot

.github/workflows/agentics-maintenance.yml
- name: Upload secret validation report
if: always()
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
Copy link
Contributor

@github-actions github-actions bot Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Version comment updated from v7.0.0 to v7 — this is fine since the SHA is pinned and the comment is just informational.

.github/workflows/ace-editor.lock.yml
- name: Upload activation artifact
if: success()
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
Copy link
Contributor

@github-actions github-actions bot Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good: using a pinned SHA with a simplified version comment (v7 instead of v7.0.0). The SHA ensures reproducibility regardless of the label.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@pelikhan pelikhan closed this Mar 21, 2026
@pelikhan pelikhan reopened this Mar 21, 2026
Copilot stopped work on behalf of pelikhan due to an error March 21, 2026 15:25
The session was cancelled by the user.
@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026

Smoke test (Codex) results:

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • ab.chatgpt.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "ab.chatgpt.com"

See Network Configuration for more information.

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

  • #22127 (search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)

🔮 The oracle has spoken through Smoke Codex ·

@github-actions github-actions bot mentioned this pull request Mar 21, 2026
Closed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026

Smoke Test 23382583484 — PARTIAL PASS

Test Result
1. GitHub MCP
2. MCP Scripts GH CLI
3. Serena MCP
4. Make Build
5. Playwright
6. Tavily Search
7. File Writing
8. Bash Tool
9. Discussion Comment
10. Agentic Workflows MCP
11. Slack Safe Output
12. Update PR
13. PR Review Comments
14. Submit PR Review
15. Resolve Review Thread ⚠️ Skipped (DIFC)
16. Add Reviewer
17. Push to PR Branch
18. Close PR ⚠️ Skipped (no test PR)

Overall: PARTIAL (16 ✅, 2 ⚠️ skipped)

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

💥 [THE END] — Illustrated by Smoke Claude ·

github-actions[bot]
github-actions bot reviewed Mar 21, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💥 Automated smoke test review - all systems nominal!

Note

🔒 Integrity filtering filtered 1 item

Integrity filtering activated and filtered the following item during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.

  • pr:#22120 (pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)

💥 [THE END] — Illustrated by Smoke Claude

.github/workflows/ace-editor.lock.yml
- name: Upload activation artifact
if: success()
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
Copy link
Contributor

@github-actions github-actions bot Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good cleanup removing the .0 patch suffix from the version comment. Keeping version annotations concise (e.g., # v7 vs # v7.0.0) is cleaner and avoids confusion when minor versions change but the pinned SHA stays the same.

.github/workflows/ace-editor.lock.yml
if: always()
continue-on-error: true
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
Copy link
Contributor

@github-actions github-actions bot Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same version comment normalization here for the Upload agent artifacts step. Consistent with the activation artifact step above — good to have both aligned.

@pelikhan
Copy link
Contributor

pelikhan commented Mar 21, 2026

@copilot fix build wasm

Copy link
Contributor Author

Copilot AI commented Mar 21, 2026

@copilot fix build wasm

Fixed in 8295c05. The WASM golden test files had stale version comments (# v7.0.0, # v4.0.0) that didn't match the updated actions-lock.json entries (v7, v4). Updated basic-copilot.golden, smoke-copilot.golden, and with-imports.golden accordingly.

@pelikhan pelikhan merged commit ea769e8 into main Mar 21, 2026
53 checks passed
@pelikhan pelikhan deleted the copilot/update-github-actions-versions branch March 21, 2026 15:45
@github-actions github-actions bot mentioned this pull request Mar 21, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

smoke-claude smoke-copilot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[actions] Update GitHub Actions versions - 2026-03-21

3 participants

@pelikhan