Skip to content

Update GitHub Actions dependencies (major) #5602

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update GitHub Actions dependencies (major) #5602

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/actions/upload-actual/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ runs:
using: composite
steps:
- name: Upload Actual Results
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: actual_${{ inputs.name }}
path: ${{ inputs.it-dir }}/${{ inputs.actual-dir }}
Expand All @@ -46,7 +46,7 @@ runs:
npx diff2html-cli --input file --style side --file "target/diff_${NAME}.html" -- "target/test.diff"

- name: Upload Diff Report
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: diff_${{ inputs.name }}
path: ${{ inputs.it-dir }}/target/diff_${{ inputs.name }}.html
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/PrepareNextIteration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
steps:

- name: Checkout Sources
uses: actions/checkout@v4
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
with:
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
build-number: ${{ steps.build-maven.outputs.BUILD_NUMBER }}
deployed: ${{ steps.build-maven.outputs.deployed }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
with:
version: 2026.4.25
Expand Down Expand Up @@ -71,7 +71,7 @@ jobs:
env:
BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
submodules: recursive
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
Expand Down Expand Up @@ -138,7 +138,7 @@ jobs:
env:
BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
submodules: recursive
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
Expand Down Expand Up @@ -186,7 +186,7 @@ jobs:
env:
BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
with:
version: 2026.4.25
Expand Down Expand Up @@ -233,7 +233,7 @@ jobs:
env:
BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
with:
version: 2026.4.25
Expand Down Expand Up @@ -268,7 +268,7 @@ jobs:
env:
BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
with:
version: 2026.4.25
Expand Down Expand Up @@ -321,7 +321,7 @@ jobs:
BUILD_NUMBER: ${{ needs.build.outputs.build-number }}
SQ_VERSION: LATEST_RELEASE
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# For now, the autoscan job need to execute two mvn commands:
# * The build of java-checks-test-sources module which requires Java 24.
# * The tests using Orchestrator and SonarQube that, for now, fail to work using Java 24
Expand Down Expand Up @@ -390,7 +390,7 @@ jobs:
steps:
- name: Config Git
run: git config --global core.autocrlf input
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
with:
version: 2026.4.25
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dogfood.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
# Notify on Slack
- name: Notify failures on Slack
if: failure()
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2
env:
SLACK_BOT_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SLACK_BOT_TOKEN }}
with:
Comment on lines +40 to 43
Copy link
Copy Markdown
Contributor

@sonar-review-alpha sonar-review-alpha Bot May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The jump from v1.26.0 to v3.0.2 crosses a major rewrite (v2) that changed the action's input API. In v2+, the recommended approach moved to an explicit method/payload model. Whether slack-message + SLACK_BOT_TOKEN env var are still accepted in v3 needs to be verified.

GitHub Actions silently ignores unrecognised inputs, so if slack-message was dropped, this step would run, appear successful in the log, and send nothing — invisible until an actual pipeline failure reveals it.

Please test this against a real failure or check the v3 action README to confirm the shorthand inputs are still supported. If they're not, the fix is to switch to the payload input:

uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2
env:
  SLACK_BOT_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SLACK_BOT_TOKEN }}
with:
  method: chat.postMessage
  token: ${{ fromJSON(steps.secrets.outputs.vault).SLACK_BOT_TOKEN }}
  payload: |
    {
      "channel": "squad-jvm-notifs",
      "text": "Dogfood build for `${{ steps.dogfood.outputs.sha1 }}`: *failed*, see the logs at https://github.com/SonarSource/sonar-java/actions/workflows/dogfood.yml"
    }
  • Mark as noise

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/mark-prs-stale.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v9
- uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10
with:
stale-pr-message: 'This PR is stale because it has been open 7 days with no activity. If there is no activity in the next 7 days it will be closed automatically'
stale-pr-label: 'stale'
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/unified-dogfooding.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
id-token: write
contents: read
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
with:
version: 2026.4.25
Expand Down
Loading