From 8040f1db4809765ae73897cfcebd37d702a953c6 Mon Sep 17 00:00:00 2001 From: natsuoto <279971144+natsuoto@users.noreply.github.com> Date: Tue, 28 Apr 2026 15:56:29 +0530 Subject: chore: bump GitHub Actions to current major versions Pure version bumps; workflow behavior is unchanged. - actions/checkout v3 -> v5 - actions/setup-python v3 -> v5 - github/codeql-action/{init,autobuild,analyze} v2 -> v3 - pypa/gh-action-pypi-publish SHA-pinned -> v1.14.0 SHA, with trailing version comment for human readability The @v3 actions ran on the deprecated Node 16 runtime; @v5 (and codeql-action @v3) all use Node 20, the current GitHub-supported runtime. Third-party pypa publish action stays SHA-pinned for supply-chain safety. Closes #34 --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/coverage.yml | 4 ++-- .github/workflows/github-actions.yml | 4 ++-- .github/workflows/python-publish.yml | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 921fe4c..94c2055 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,11 +38,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v5 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -56,7 +56,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -69,4 +69,4 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 18ea7af..79c7a5f 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -5,8 +5,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/checkout@v5 + - uses: actions/setup-python@v5 with: python-version: 3.11 - name: install dependencies diff --git a/.github/workflows/github-actions.yml b/.github/workflows/github-actions.yml index 1c20599..1af692a 100644 --- a/.github/workflows/github-actions.yml +++ b/.github/workflows/github-actions.yml @@ -156,10 +156,10 @@ jobs: tox_env: 'py314' os: 'macos-latest' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.python_arch }} diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index ec70354..a9e0e8f 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -21,9 +21,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Set up Python - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: '3.x' - name: Install dependencies @@ -33,7 +33,7 @@ jobs: - name: Build package run: python -m build - name: Publish package - uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 + uses: pypa/gh-action-pypi-publish@6733eb7d741f0b11ec6a39b58540dab7590f9b7d # v1.14.0 with: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} -- cgit v1.2.3