Skip to content

build(deps): bump actions/checkout from 4 to 6#1222

Merged
ErikBjare merged 1 commit intomasterfrom
dependabot/github_actions/actions/checkout-6
Mar 21, 2026
Merged

build(deps): bump actions/checkout from 4 to 6#1222
ErikBjare merged 1 commit intomasterfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 21, 2026

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump actions/checkout from 4 to 6
619b1aa 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 21, 2026
@ErikBjare ErikBjare merged commit 7fa7df7 into master Mar 21, 2026
14 checks passed
@greptile-apps
Copy link

greptile-apps bot commented Mar 21, 2026

Greptile Summary

This PR is a Dependabot-generated dependency bump of actions/checkout from v4 to v6 across all five GitHub Actions workflow files. The key behavioral change introduced in v6 is that credentials are now stored under $RUNNER_TEMP (via a git includeIf directive) rather than directly in the local .git/config. All workflows run on GitHub-hosted runners, which are kept up to date and satisfy v6's minimum runner requirement (v2.329.0 for Docker container action credential scenarios). None of the workflows in this repository use Docker container actions, so this breaking change does not apply here.

  • build.yml, build-tauri.yml, dev-release.yml, codeql.yml, diagram.yml — all updated from actions/checkout@v4 to actions/checkout@v6
  • The create-tag job in dev-release.yml uses a PAT token for checkout and then performs a git push; this continues to work correctly under v6's new credential storage mechanism on standard GitHub-hosted runners
  • No Docker container actions are present in any workflow, so the only notable v6 behavioral change has no impact here

Confidence Score: 5/5

  • This PR is safe to merge; it is a routine, automated dependency bump with no functional risk to any workflow.
  • The change is purely a version tag update across five CI workflow files. The only breaking change in v6 (credential storage location) only affects Docker container action scenarios, which are absent from all workflows in this repository. GitHub-hosted runners satisfy the minimum version requirement. No custom logic or step behavior is altered.
  • No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/build-tauri.yml Bumps actions/checkout from v4 to v6 in two steps (build matrix and release-notes job). No Docker container actions used, so v6's credential storage change is transparent.
.github/workflows/build.yml Bumps actions/checkout from v4 to v6 in two steps (build matrix and release-notes job). Standard runner usage with no Docker container actions.
.github/workflows/codeql.yml Bumps actions/checkout from v4 to v6. Paired with github/codeql-action@v2; the two actions are independent so no compatibility concern.
.github/workflows/dev-release.yml Bumps actions/checkout from v4 to v6 in two steps. The create-tag job uses a PAT token for checkout then pushes a git tag; v6 stores credentials under $RUNNER_TEMP (via includeIf) instead of the local git config, which remains compatible with standard git push on GitHub-hosted runners.
.github/workflows/diagram.yml Bumps actions/checkout from v4 to v6. Straightforward single-step checkout with no special credential requirements.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[GitHub Event\npush / PR / schedule] --> B{Workflow}
    B --> C[build.yml]
    B --> D[build-tauri.yml]
    B --> E[codeql.yml]
    B --> F[dev-release.yml]
    B --> G[diagram.yml]

    C --> H[actions/checkout v6]
    D --> H
    E --> H
    F --> H
    G --> H

    H --> I[Credentials stored in\nRUNNER_TEMP via includeIf\ninstead of local git config]
    I --> J[Subsequent steps:\nbuild / test / package / release]
Loading

Last reviewed commit: "build(deps): bump ac..."

@dependabot dependabot bot deleted the dependabot/github_actions/actions/checkout-6 branch March 21, 2026 12:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ErikBjare