From 62c50271e7276c645f37684945ab2f4770b8ce2e Mon Sep 17 00:00:00 2001 From: Alan Agius <17563226+alan-agius4@users.noreply.github.com> Date: Thu, 5 Mar 2026 08:56:42 +0000 Subject: [PATCH 1/2] ci: remove redundant `actions/checkout` steps from dev-infra workflows Checking out the repo is not needed for these actions. --- .github/workflows/dev-infra.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/dev-infra.yml b/.github/workflows/dev-infra.yml index 024e51955b11..fb6843d8d96b 100644 --- a/.github/workflows/dev-infra.yml +++ b/.github/workflows/dev-infra.yml @@ -15,7 +15,6 @@ jobs: if: github.event_name == 'pull_request_target' runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: angular/dev-infra/github-actions/labeling/pull-request@c4344a4e20dbdf9cb8eeb7a7eb91431b98eabd99 with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} @@ -24,7 +23,6 @@ jobs: if: github.event_name == 'pull_request_target' runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: angular/dev-infra/github-actions/post-approval-changes@c4344a4e20dbdf9cb8eeb7a7eb91431b98eabd99 with: angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }} From 78026d8fd4726c2a69eaf3fdca2e34c1e002bd15 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 22 Apr 2026 07:38:56 +0000 Subject: [PATCH 2/2] build: update all github actions See associated pull request for more information. --- .github/workflows/benchmark-compare.yml | 2 +- .github/workflows/pr.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/benchmark-compare.yml b/.github/workflows/benchmark-compare.yml index e81f52a5a62e..91feed88c1d8 100644 --- a/.github/workflows/benchmark-compare.yml +++ b/.github/workflows/benchmark-compare.yml @@ -25,7 +25,7 @@ jobs: token: '${{secrets.BENCHMARK_POST_RESULTS_GITHUB_TOKEN}}' reactions: 'rocket' - - uses: alessbell/pull-request-comment-branch@aad01d65d6982b8eacabed5e9a684cd8ceb98da6 # v1.1 + - uses: alessbell/pull-request-comment-branch@ef3408c9757d05f89cb525036383033a313758a0 # v2.1.0 id: comment-branch - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 3715b6f7023f..641dabeca320 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -88,7 +88,7 @@ jobs: ASPECT_RULES_JS_FROZEN_PNPM_LOCK: '1' - name: Upload GRPC logs (for debugging of RBE issues) if: always() - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: path: /tmp/rbe-grpc.log retention-days: 1 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4f28c94b79b9..db15d648ecd1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -39,7 +39,7 @@ jobs: # Upload the results as artifacts. - name: 'Upload artifact' - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif