boltless.me / zoekt
fork of https://github.com/sourcegraph/zoekt
0
Fork 0

Configure Feed

Select the types of activity you want to include in your feed.

chore/ci: bump GitHub Actions to latest pinned versions (#1051)

Many of the actions in our workflows were several major versions behind
their current releases. Stale action versions miss security fixes,
runtime improvements, and node runtime upgrades that newer GitHub
runners increasingly require.

This bumps each action to the current latest stable major version while
keeping the existing pinning style (major-version tag for first-party
or well-known actions, full SHA for the third-party fuzz action).

Test Plan: CI on the resulting PR will exercise every updated workflow.

author
Keegan Carruthers-Smith committer
GitHub date (Apr 28, 2026, 12:19 PM +0200) commit cd5247d8 parent 1f9ef56b
+19 -33
+1 -1
.github/workflows/buf-breaking-check.yml
··· 9 9 runs-on: ubuntu-latest 10 10 steps: 11 11 # Run `git checkout` 12 - - uses: actions/checkout@v2 12 + - uses: actions/checkout@v6 13 13 # Install the `buf` CLI 14 14 - uses: bufbuild/buf-setup-action@v1 15 15 # Run breaking change detection against the `main` branch
+10 -24
.github/workflows/ci.yml
··· 11 11 container: alpine:edge # latest go pls 12 12 steps: 13 13 - name: checkout 14 - uses: actions/checkout@v3 14 + uses: actions/checkout@v6 15 15 16 16 - name: add dependencies 17 17 run: apk add go git tar 18 18 19 19 - name: Cache ctags 20 - uses: actions/cache@v3 20 + uses: actions/cache@v5 21 21 with: 22 22 path: /usr/local/bin/universal-ctags 23 23 key: ${{ runner.os }}-ctags-${{ hashFiles('install-ctags-alpine.sh') }} 24 24 25 25 - name: Cache Go modules 26 - uses: actions/cache@v3 26 + uses: actions/cache@v5 27 27 with: 28 28 path: | 29 29 ~/.cache/go-build ··· 41 41 - name: test 42 42 run: go test ./... 43 43 44 - fuzz-test: 45 - name: fuzz test 46 - runs-on: ubuntu-latest 47 - container: alpine:edge 48 - steps: 49 - - name: add dependencies 50 - run: apk add bash go 51 - - uses: jidicula/go-fuzz-action@2d8b802597c47a79764d83dabc27fb672f2fb8d9 52 - with: 53 - packages: 'github.com/sourcegraph/zoekt' # This is the package where the Protobuf round trip tests are defined 54 - fuzz-time: 30s 55 - fuzz-minimize-time: 1m 56 - go-version: '1.23' 57 - 58 44 shellcheck: 59 45 name: shellcheck 60 46 runs-on: ubuntu-latest 61 47 steps: 62 - - uses: actions/checkout@v3 48 + - uses: actions/checkout@v6 63 49 - name: Run ShellCheck 64 - uses: ludeeus/action-shellcheck@1.1.0 50 + uses: ludeeus/action-shellcheck@2.0.0 65 51 66 52 shfmt: 67 53 name: shfmt 68 54 runs-on: ubuntu-latest 69 55 steps: 70 - - uses: actions/checkout@v3 71 - - uses: reviewdog/action-shfmt@v1.0.2 56 + - uses: actions/checkout@v6 57 + - uses: reviewdog/action-shfmt@v1.0.4 72 58 with: 73 59 filter_mode: "nofilter" 74 60 fail_on_error: "true" ··· 79 65 runs-on: ubuntu-latest 80 66 steps: 81 67 # Run `git checkout` 82 - - uses: actions/checkout@v2 68 + - uses: actions/checkout@v6 83 69 # Install the `buf` CLI 84 70 - uses: bufbuild/buf-setup-action@v1 85 71 with: ··· 92 78 runs-on: ubuntu-latest 93 79 steps: 94 80 # Run `git checkout` 95 - - uses: actions/checkout@v2 81 + - uses: actions/checkout@v6 96 82 # Install the `buf` CLI 97 83 - uses: bufbuild/buf-setup-action@v1 98 84 with: ··· 105 91 runs-on: ubuntu-latest 106 92 steps: 107 93 # Run `git checkout` 108 - - uses: actions/checkout@v2 94 + - uses: actions/checkout@v6 109 95 # Install the `buf` CLI 110 96 - uses: bufbuild/buf-setup-action@v1 111 97 with:
+5 -5
.github/workflows/docker.yml
··· 16 16 packages: write 17 17 steps: 18 18 - name: checkout 19 - uses: actions/checkout@v4 19 + uses: actions/checkout@v6 20 20 with: 21 21 fetch-depth: 0 22 22 ··· 25 25 run: .github/workflows/docker-version.sh 26 26 27 27 - name: setup-buildx 28 - uses: docker/setup-buildx-action@v3 28 + uses: docker/setup-buildx-action@v4 29 29 30 30 - name: docker-meta 31 31 id: meta 32 - uses: docker/metadata-action@v5 32 + uses: docker/metadata-action@v6 33 33 with: 34 34 images: ghcr.io/${{ github.repository }} 35 35 tags: | ··· 40 40 type=sha,prefix=sha-,format=short 41 41 42 42 - name: login to ghcr.io 43 - uses: docker/login-action@v3 43 + uses: docker/login-action@v4 44 44 with: 45 45 registry: ghcr.io 46 46 username: ${{ github.actor }} 47 47 password: ${{ secrets.GITHUB_TOKEN }} 48 48 49 49 - name: build and push 50 - uses: docker/build-push-action@v6 50 + uses: docker/build-push-action@v7 51 51 with: 52 52 context: . 53 53 push: true
+3 -3
.github/workflows/semgrep.yml
··· 15 15 image: returntocorp/semgrep 16 16 17 17 steps: 18 - - uses: actions/checkout@v4 18 + - uses: actions/checkout@v6 19 19 with: 20 20 ref: ${{ github.event.pull_request.head.ref }} 21 21 repository: ${{ github.event.pull_request.head.repo.full_name }} 22 22 23 23 - name: Checkout semgrep-rules repo 24 - uses: actions/checkout@v4 24 + uses: actions/checkout@v6 25 25 with: 26 26 repository: sourcegraph/security-semgrep-rules 27 27 token: ${{ secrets.GH_SEMGREP_SAST_TOKEN }} ··· 32 32 mv semgrep-rules ../ 33 33 semgrep ci -f ../semgrep-rules/semgrep-rules/ --metrics=off --oss-only --suppress-errors --sarif -o results.sarif --exclude='semgrep-rules' --baseline-commit "$(git merge-base main HEAD)" || true 34 34 - name: Upload SARIF file 35 - uses: github/codeql-action/upload-sarif@v3 35 + uses: github/codeql-action/upload-sarif@v4 36 36 with: 37 37 sarif_file: results.sarif