docs: Update outdated GitHub Actions versions

[pgoslatara]

The PR updates outdated GitHub Action versions to ensure compatibility with the latest tools and features. Several workflows in the repository are using deprecated versions of actions like actions/upload-artifact, actions/cache, and actions/checkout, which are now updated to version v6 or v8 to support new functionality and improvements.

Changes 🏗️

• Updated actions/upload-artifact from v4 to v6 in .github/workflows/classic-forge-ci.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/classic-benchmark_publish_package.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/platform-fullstack-ci.yml
• Updated actions/cache from v4 to v5 in .github/workflows/classic-benchmark-ci.yml
• Updated actions/github-script from v7 to v8 in .github/workflows/platform-dev-deploy-event-dispatcher.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-python-checks.yml
• Updated actions/cache from v4 to v5 in .github/workflows/platform-backend-ci.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/platform-autogpt-deploy-dev.yaml
• Updated actions/checkout from v4 to v6 in .github/workflows/claude.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-autogpt-ci.yml
• Updated actions/setup-node from v4 to v6 in .github/workflows/claude.yml
• Updated peter-evans/create-pull-request from v7 to v8 in .github/workflows/classic-frontend-ci.yml
• Updated actions/github-script from v7 to v8 in .github/workflows/claude-ci-failure-auto-fix.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/codeql.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-autogpt-docker-cache-clean.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/classic-forge-ci.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/claude-dependabot.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-autogpts-ci.yml
• Updated actions/setup-node from v4 to v6 in .github/workflows/copilot-setup-steps.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/classic-autogpt-ci.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-frontend-ci.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/platform-autogpt-deploy-prod.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/classic-benchmark-ci.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/claude-dependabot.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-forge-ci.yml
• Updated actions/setup-node from v4 to v6 in .github/workflows/platform-fullstack-ci.yml
• Updated actions/cache from v4 to v5 in .github/workflows/platform-fullstack-ci.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/claude-ci-failure-auto-fix.yml
• Updated actions/upload-artifact from v4 to v6 in .github/workflows/classic-autogpt-ci.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-autogpt-docker-ci.yml
• Updated actions/setup-node from v4 to v6 in .github/workflows/claude-dependabot.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/claude.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/repo-workflow-checker.yml
• Updated actions/cache from v4 to v5 in .github/workflows/copilot-setup-steps.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/copilot-setup-steps.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/platform-backend-ci.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/platform-frontend-ci.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-benchmark_publish_package.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/copilot-setup-steps.yml
• Updated actions/setup-python from v5 to v6 in .github/workflows/platform-autogpt-deploy-prod.yml
• Updated actions/checkout from v4 to v6 in .github/workflows/classic-autogpt-docker-release.yml
• Updated actions/cache from v4 to v5 in .github/workflows/copilot-setup-steps.yml
• Updated actions/cache from v4 to v5 in .github/workflows/classic-forge-ci.yml
• Updated actions/cache from v4 to v5 in .github/workflows/platform-frontend-ci.yml
• Updated actions/cache from v4 to v5 in .github/workflows/classic-python-checks.yml
• Updated actions/cache from v4 to v5 in .github/workflows/claude-dependabot.yml

Checklist 📋

• I have clearly listed my changes in the PR description
• I have made a test plan
  • Test plan includes creating agents, importing from marketplace, uploading to marketplace, editing agents, etc.

Test Plan

The changes will be tested in the CI pipeline of the pull request. The test plan includes:

• Automated tests for workflows using the updated actions
• Integration tests to ensure compatibility with the latest GitHub Actions tools
• Manual verification of critical workflows (e.g., claude.yml, platform-fullstack-ci.yml)

---

Note

Repository-wide CI maintenance to keep workflows current and compatible.

• Bumps core actions: actions/checkout@v6, actions/setup-python@v6, actions/setup-node@v6, actions/cache@v5, actions/upload-artifact@v6, actions/github-script@v8, peter-evans/create-pull-request@v8
• Applies across many workflows: classic agents (classic-autogpt-ci, classic-forge-ci, classic-autogpts-ci), Docker build/test/release, benchmarking, frontend CI, platform backend/frontend/fullstack CI, deploy pipelines, CodeQL, Copilot/Claude helpers, and repo status checker
• No workflow logic changes; version updates only

^{Written by Cursor Bugbot for commit c2b4931. This will update automatically on new commits. Configure here.}

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Walkthrough

GitHub Actions workflow files across the repository are updated with newer major/minor versions of standard GitHub Actions tools. All 23 workflow files receive version bumps for checkout, setup-python, setup-node, cache, upload-artifact, github-script, and related actions. No functional logic or control flow modifications are introduced.

Changes

Cohort / File(s)

Summary

GitHub Actions version updates ​.github/workflows/classic-autogpt-ci.yml, classic-autogpt-docker-cache-clean.yml, classic-autogpt-docker-ci.yml, classic-autogpt-docker-release.yml, classic-autogpts-ci.yml, classic-benchmark-ci.yml, classic-benchmark_publish_package.yml, classic-forge-ci.yml, classic-frontend-ci.yml, classic-python-checks.yml, claude-ci-failure-auto-fix.yml, claude-dependabot.yml, claude.yml, codeql.yml, copilot-setup-steps.yml, platform-autogpt-deploy-dev.yaml, platform-autogpt-deploy-prod.yml, platform-backend-ci.yml, platform-dev-deploy-event-dispatcher.yml, platform-frontend-ci.yml, platform-fullstack-ci.yml, repo-workflow-checker.yml

Bumped action versions: actions/checkout@v4 → @v6, actions/setup-python@v5 → @v6, actions/cache@v4 → @v5, actions/setup-node@v4 → @v6, actions/upload-artifact@v4 → @v6, actions/github-script@v7 → @v8, peter-evans/create-pull-request@v7 → @v8. All changes are version-only updates with no modifications to workflow logic, conditions, or step sequencing.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Actions upgraded with rabbity cheer,
v4 and v5 fade, v6 is here!
Checkout and cache hop to the new way,
Fresh workflows bouncing through night and day!
Our CI pipeline springs forward with glee! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'docs: Update outdated GitHub Actions versions' accurately summarizes the main change—updating GitHub Actions to newer versions across workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description clearly describes the purpose of updating outdated GitHub Action versions for compatibility and lists specific changes across multiple workflows.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

This PR targets the master branch but does not come from dev or a hotfix/* branch.

Automatically setting the base branch to dev.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (dev@f31c160). Learn more about missing BASE report.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@          Coverage Diff           @@
##             dev   #11774   +/-   ##
======================================
  Coverage       ?   49.61%           
======================================
  Files          ?      144           
  Lines          ?     8914           
  Branches       ?     1240           
======================================
  Hits           ?     4423           
  Misses         ?     4344           
  Partials       ?      147           

Flag	Coverage Δ
Linux	49.42% <ø> (?)
Windows	52.35% <ø> (?)
agbenchmark	34.07% <ø> (?)
autogpt-agent	33.94% <ø> (?)
forge	58.02% <ø> (?)
macOS	48.88% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[qodo-code-review]

ⓘ Your approaching your monthly quota for Qodo. Upgrade your plan

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Supply chain risk: workflows reference actions by mutable version tags (e.g., actions/checkout@v6, actions/cache@v5, actions/github-script@v8). Consider pinning to a full commit SHA for third-party and core actions to reduce the risk of a compromised or retagged release being pulled into CI.

⚡ Recommended focus areas for review Compatibility Multiple GitHub Actions are bumped to new major versions. Validate that the referenced major versions actually exist and that any breaking input/output changes are accounted for (e.g., actions/checkout, actions/setup-python, actions/cache, actions/upload-artifact), otherwise CI may start failing at runtime. - name: Checkout repository uses: actions/checkout@v6 with: fetch-depth: 0 submodules: true - name: Configure git user Auto-GPT-Bot run: | git config --global user.name "Auto-GPT-Bot" git config --global user.email "github-bot@agpt.co" - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - id: get_date name: Get date run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT - name: Set up Python dependency cache # On Windows, unpacking cached dependencies takes longer than just installing them if: runner.os != 'Windows' uses: actions/cache@v5 with: Cache Semantics actions/cache is upgraded; confirm cache behavior and key/restore-keys semantics remain correct for pnpm and Docker layer caching, and that paths being cached align with the tooling configuration (pnpm store dir, buildx cache dir) to avoid silent cache misses or corrupted restores. steps: - name: Checkout repository uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 with: node-version: "22.18.0" - name: Enable corepack run: corepack enable - name: Generate cache key id: cache-key run: echo "key=${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml', 'autogpt_platform/frontend/package.json') }}" >> $GITHUB_OUTPUT - name: Cache dependencies uses: actions/cache@v5 with: path: ~/.pnpm-store key: ${{ steps.cache-key.outputs.key }} restore-keys: | ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }} ${{ runner.os }}-pnpm- - name: Install dependencies run: pnpm install --frozen-lockfile lint: runs-on: ubuntu-latest needs: setup steps: - name: Checkout repository uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 with: node-version: "22.18.0" - name: Enable corepack run: corepack enable - name: Restore dependencies cache uses: actions/cache@v5 with: path: ~/.pnpm-store key: ${{ needs.setup.outputs.cache-key }} restore-keys: | ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }} ${{ runner.os }}-pnpm- - name: Install dependencies run: pnpm install --frozen-lockfile - name: Run lint run: pnpm lint chromatic: runs-on: ubuntu-latest needs: setup # Only run on dev branch pushes or PRs targeting dev if: github.ref == 'refs/heads/dev' || github.base_ref == 'dev' steps: - name: Checkout repository uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Node.js uses: actions/setup-node@v6 with: node-version: "22.18.0" - name: Enable corepack run: corepack enable - name: Restore dependencies cache uses: actions/cache@v5 with: path: ~/.pnpm-store key: ${{ needs.setup.outputs.cache-key }} restore-keys: | ${{ runner.os }}-pnpm-${{ hashFiles('autogpt_platform/frontend/pnpm-lock.yaml') }} ${{ runner.os }}-pnpm- - name: Install dependencies run: pnpm install --frozen-lockfile - name: Run Chromatic uses: chromaui/action@latest with: projectToken: chpt_9e7c1a76478c9c8 onlyChanged: true workingDir: autogpt_platform/frontend token: ${{ secrets.GITHUB_TOKEN }} exitOnceUploaded: true test: runs-on: big-boi needs: setup strategy: fail-fast: false steps: - name: Checkout repository uses: actions/checkout@v6 with: submodules: recursive - name: Set up Node.js uses: actions/setup-node@v6 with: node-version: "22.18.0" - name: Enable corepack run: corepack enable - name: Copy default supabase .env run: | cp ../.env.default ../.env - name: Copy backend .env and set OpenAI API key run: | cp ../backend/.env.default ../backend/.env echo "OPENAI_INTERNAL_API_KEY=${{ secrets.OPENAI_API_KEY }}" >> ../backend/.env env: # Used by E2E test data script to generate embeddings for approved store agents OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Cache Docker layers uses: actions/cache@v5 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-frontend-test-${{ hashFiles('autogpt_platform/docker-compose.yml', 'autogpt_platform/backend/Dockerfile', 'autogpt_platform/backend/pyproject.toml', 'autogpt_platform/backend/poetry.lock') }} API Changes actions/github-script is upgraded to a new major version; verify that the GitHub API client surface, default permissions/token handling, and script runtime expectations are unchanged for the existing scripts, as minor differences can break workflow automation steps. - name: Get CI failure details id: failure_details uses: actions/github-script@v8 with:

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/platform-frontend-ci.yml (1)

240-256: Inconsistent upload-artifact versions.

Line 242 uses actions/upload-artifact@v6 while Line 251 still uses actions/upload-artifact@v4. This appears to be an oversight - both artifact upload steps should use the same version for consistency.

Proposed fix

       - name: Upload Playwright test results
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: playwright-test-results
           path: test-results
           if-no-files-found: ignore
           retention-days: 3

🤖 Fix all issues with AI agents

In @.github/workflows/platform-frontend-ci.yml:
- Around line 33-36: Update the workflow to account for breaking changes in
actions/checkout@v6 and actions/setup-node@v6: verify and, if needed, pin or
roll back the uses entries for actions/checkout@v6 and actions/setup-node@v6;
ensure any logic that depended on the old persist-credentials behavior is
updated (or set persist-credentials explicitly / upgrade Actions Runner to
v2.329.0+ if you need authenticated git inside Docker); remove any use of the
removed always-auth input for setup-node and adjust npm caching behavior by
setting packageManager or devEngines in package.json or configuring setup-node
cache inputs to achieve the previous behavior.

🧹 Nitpick comments (1)

.github/workflows/classic-benchmark_publish_package.yml (1)

20-21: Consider updating Python version (out of scope for this PR).

Python 3.8 reached end-of-life in October 2024. While this is unrelated to the GitHub Actions version updates in this PR, consider updating to a supported Python version (3.10+) in a future PR.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 375d33c and 55c48b5.

📒 Files selected for processing (22)

• .github/workflows/classic-autogpt-ci.yml
• .github/workflows/classic-autogpt-docker-cache-clean.yml
• .github/workflows/classic-autogpt-docker-ci.yml
• .github/workflows/classic-autogpt-docker-release.yml
• .github/workflows/classic-autogpts-ci.yml
• .github/workflows/classic-benchmark-ci.yml
• .github/workflows/classic-benchmark_publish_package.yml
• .github/workflows/classic-forge-ci.yml
• .github/workflows/classic-frontend-ci.yml
• .github/workflows/classic-python-checks.yml
• .github/workflows/claude-ci-failure-auto-fix.yml
• .github/workflows/claude-dependabot.yml
• .github/workflows/claude.yml
• .github/workflows/codeql.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/platform-autogpt-deploy-dev.yaml
• .github/workflows/platform-autogpt-deploy-prod.yml
• .github/workflows/platform-backend-ci.yml
• .github/workflows/platform-dev-deploy-event-dispatcher.yml
• .github/workflows/platform-frontend-ci.yml
• .github/workflows/platform-fullstack-ci.yml
• .github/workflows/repo-workflow-checker.yml

🧰 Additional context used

🧠 Learnings (19)

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/frontend/**/*.{ts,tsx,json} : Use Node.js 21+ with pnpm package manager for frontend development

Applied to files:

• .github/workflows/platform-frontend-ci.yml
• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:49:03.583Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: autogpt_platform/CLAUDE.md:0-0
Timestamp: 2025-11-25T08:49:03.583Z
Learning: Applies to autogpt_platform/backend/** : Install dependencies for backend using `poetry install`

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/backend/**/*.py : Use Python 3.10-3.13 with Python 3.11 required for development (managed by Poetry via pyproject.toml)

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/backend/pyproject.toml : Use Poetry for Python dependency management. Always verify pyproject.toml lock validation in CI

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/classic-autogpt-ci.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/backend/**/*.py : Always run backend setup commands in order: poetry install, poetry run prisma migrate dev, poetry run prisma generate before backend development

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:49:03.583Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: autogpt_platform/CLAUDE.md:0-0
Timestamp: 2025-11-25T08:49:03.583Z
Learning: Applies to autogpt_platform/backend/**/*_test.py : Run backend tests using `poetry run test` or `poetry run pytest path/to/test_file.py::test_function_name`

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/backend/blocks/test/**/*.py : For backend tests, use poetry run pytest for validation. Block tests: poetry run pytest backend/blocks/test/test_block.py -xvs. Specific block: poetry run pytest 'backend/blocks/test/test_block.py::test_available_blocks[BlockName]' -xvs. Use --snapshot-update when output changes and always review with git diff

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/backend/**/*.py : Always run poetry run format (Black + isort) before poetry run lint (ruff) for backend code

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:55.844Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:48:55.844Z
Learning: Applies to autogpt_platform/backend/**/*.test.py : Run `poetry run test` for backend testing using pytest with docker-based postgres + prisma

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:55.844Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:48:55.844Z
Learning: Applies to autogpt_platform/{backend,autogpt_libs}/**/*.py : Format Python code with `poetry run format`

Applied to files:

• .github/workflows/claude.yml

📚 Learning: 2025-11-25T08:49:03.583Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: autogpt_platform/CLAUDE.md:0-0
Timestamp: 2025-11-25T08:49:03.583Z
Learning: Applies to autogpt_platform/backend/** : Run database migrations using `poetry run prisma migrate dev`

Applied to files:

• .github/workflows/claude.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/frontend/package.json : Use pnpm for Node.js package management in frontend. Verify pnpm lock validation

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:49:03.583Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: autogpt_platform/CLAUDE.md:0-0
Timestamp: 2025-11-25T08:49:03.583Z
Learning: Applies to autogpt_platform/frontend/** : Install frontend dependencies using `pnpm i` instead of npm

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/frontend/**/*.{ts,tsx} : Always run pnpm install before frontend development, then use pnpm dev to start development server on port 3000

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:55.844Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:48:55.844Z
Learning: Applies to autogpt_platform/frontend/**/*.{js,ts,jsx,tsx} : Format frontend code using `pnpm format`

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:55.844Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:48:55.844Z
Learning: Applies to autogpt_platform/frontend/**/*.{test,spec}.{ts,tsx} : Run `pnpm test` or `pnpm test-ui` for frontend Playwright tests before committing

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Applies to autogpt_platform/frontend/**/*.{ts,tsx} : For frontend code formatting and linting, always run pnpm format

Applied to files:

• .github/workflows/claude.yml
• .github/workflows/copilot-setup-steps.yml
• .github/workflows/claude-dependabot.yml

📚 Learning: 2025-11-25T08:48:33.246Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-25T08:48:33.246Z
Learning: Ensure Docker services (database, redis, rabbitmq, clamav) are always running before starting backend development by running: cd autogpt_platform && docker compose --profile local up deps --build --detach

Applied to files:

• .github/workflows/platform-fullstack-ci.yml

📚 Learning: 2025-11-25T08:49:03.583Z

Learnt from: CR
Repo: Significant-Gravitas/AutoGPT PR: 0
File: autogpt_platform/CLAUDE.md:0-0
Timestamp: 2025-11-25T08:49:03.583Z
Learning: Applies to autogpt_platform/backend/**/*.py : Run linting and formatting: use `poetry run format` (Black + isort) to auto-fix, and `poetry run lint` (ruff) to check remaining errors

Applied to files:

• .github/workflows/claude-dependabot.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Seer Code Review

🔇 Additional comments (22)

.github/workflows/classic-autogpt-docker-cache-clean.yml (1)

19-19: Version update noted; verification pending from earlier comments.

The checkout action upgrade is consistent with the other workflow files in this PR. Assuming the version verification passes (as flagged in earlier comments), this change looks good.

.github/workflows/classic-autogpt-docker-ci.yml (2)

38-38: LGTM for the build job checkout update.

Consistent with the PR-wide version upgrade pattern.

---

103-106: LGTM for the test job checkout update.

The submodules: true option should remain compatible with the upgraded checkout action version.

.github/workflows/platform-autogpt-deploy-prod.yml (1)

19-27: Production workflow - ensure version compatibility is validated before merge.

This workflow deploys to the production environment. Given the criticality, ensure that:

1. The upgraded action versions (checkout@v6, setup-python@v6) are verified to exist
2. The workflow is tested in a non-production environment first
3. The ref parameter behavior remains consistent with the new checkout version

.github/workflows/codeql.yml (1)

61-61: No action needed. actions/checkout@v6 is stable and released (v6.0.1 from Dec 2, 2025).

.github/workflows/repo-workflow-checker.yml (1)

14-20: No action needed. Both actions/checkout@v6 (v6.0.2, released Jan 9, 2026) and actions/setup-python@v6 (v6.1.0, released Nov 25, 2025) are current, stable versions and are compatible with the workflow configuration.

.github/workflows/classic-autogpts-ci.yml (1)

47-55: Action version updates are valid.

The actions/setup-python@v6 exists and supports Python 3.13 and other versions. "Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release."

Since this workflow uses ubuntu-latest, the runner version requirement should be satisfied on GitHub-hosted runners.

.github/workflows/claude-ci-failure-auto-fix.yml (1)

25-29: Action version updates are valid.

The actions/checkout@v6 upgrade is compatible with this workflow. "This is not a breaking change for most workflows, despite the major version bump, and... any bare git commands in my workflows will, in fact, continue to work without any changes."

The workflow properly sets up git identity (lines 32-34) after checkout, which will work correctly with v6's credential handling.

Also applies to: 45-45

.github/workflows/platform-dev-deploy-event-dispatcher.yml (1)

20-20: GitHub Script action v8 upgrade is compatible with all scripts.

All 7 instances updated from actions/github-script@v7 to v8. The scripts use standard Octokit API methods (github.rest.issues.createComment, github.rest.pulls.get, github.rest.issues.listComments) and modern JavaScript (const, await, forEach) that are fully compatible with v8's Node.js 24 runtime. Verify that your GitHub Actions runners meet the minimum version requirement (v2.327.1) for this action.

.github/workflows/classic-frontend-ci.yml (1)

28-28: Action version upgrades are compatible and verified.

actions/checkout@v6 (v6.0.2 latest) and peter-evans/create-pull-request@v8 (v8.0.0 released Dec 9, 2025) are both valid. The create-pull-request v8 breaking changes (Actions Runner v2.327.1+ requirement for self-hosted runners) do not affect this workflow. The action's own documentation recommends actions/checkout@v6, making these upgrades aligned with upstream best practices.

.github/workflows/platform-fullstack-ci.yml (1)

32-37: Action versions are valid; verify runner compatibility for cache v5.

The actions/setup-node@v6 (v6.1.0, latest) correctly removes always-auth configuration handling and upgrades @actions/cache to 4.1.0. The actions/cache@v5 exists and is compatible with this workflow.

Note that actions/cache@v5 requires GitHub Actions runner version 2.327.1 or newer. If your repository uses self-hosted runners, ensure they are updated before using this version, as they must meet the minimum requirement.

Also applies to: 47-53, 66-73, 91-96

.github/workflows/classic-benchmark-ci.yml (1)

44-61: Version updates look consistent.

The action version bumps (checkout@v6, setup-python@v6, cache@v5) are applied consistently across both jobs in this workflow. The changes align with the PR's objective of updating GitHub Actions versions.

.github/workflows/platform-autogpt-deploy-dev.yaml (1)

27-35: LGTM!

The action version updates are consistent and the workflow logic remains unchanged.

.github/workflows/classic-python-checks.yml (1)

35-36: LGTM!

Version updates are applied consistently across all three jobs (get-changed-parts, lint, types).

.github/workflows/classic-autogpt-docker-release.yml (1)

22-23: LGTM!

The checkout action version bump is consistent with the PR's update pattern.

.github/workflows/platform-backend-ci.yml (1)

71-71: Version updates verified and approved.

The actions/checkout@v6 (latest version v6.0.1 as of December 2, 2025), actions/setup-python@v6, and actions/cache@v5 (which runs on Node.js 24 and requires a minimum Actions Runner version of 2.327.1) are all valid versions. Since this workflow runs on GitHub-hosted runners (ubuntu-latest), the runner version requirements will be automatically satisfied.

Also applies to: 77-77, 91-91

.github/workflows/classic-forge-ci.yml (1)

66-66: Version updates verified and approved for multi-platform workflow.

All updated action versions are valid: actions/checkout@v6 (v6.0.1), actions/setup-python@v6 (includes security fixes and upgraded dependencies), actions/cache@v5 (runs on Node.js 24, requires Actions Runner v2.327.1+), and actions/upload-artifact@v6 (runs on Node.js 24, requires Actions Runner v2.327.1+).

Since the workflow uses GitHub-hosted runners (ubuntu-latest, macos-latest, macos-14, windows-latest), the runner version requirements will be automatically met.

Also applies to: 103-103, 110-110, 240-240

.github/workflows/classic-benchmark_publish_package.yml (1)

13-13: Version updates verified and approved.

The actions/checkout@v6 and actions/setup-python@v6 updates are valid and appropriate for this publish workflow.

Also applies to: 19-19

.github/workflows/claude-dependabot.yml (1)

33-33: Version updates verified and approved.

All updated action versions are valid:

• actions/checkout@v6 (v6.0.1)
• actions/setup-python@v6 (requires runner v2.327.1+)
• actions/cache@v5 (runs on Node.js 24, requires runner v2.327.1+)
• actions/setup-node@v6 (includes changes to default auto-caching behavior for npm)

Since this workflow runs on GitHub-hosted runners (ubuntu-latest), all runner version requirements will be met.

Also applies to: 39-39, 44-44, 81-81, 94-94, 127-127

.github/workflows/copilot-setup-steps.yml (1)

30-30: Version updates verified and approved.

All updated action versions are valid and consistent with the broader PR pattern of upgrading to the latest stable versions. The workflow runs on GitHub-hosted runners (ubuntu-latest), which will satisfy all runner version requirements.

actions/checkout@v6 changes how credentials are persisted (storing under $RUNNER_TEMP instead of directly in local git config), but this "is not a breaking change for most workflows" and "git push workflows will still work."

Also applies to: 37-37, 42-42, 79-79, 92-92, 135-135

.github/workflows/claude.yml (1)

43-43: LGTM! GitHub Actions version updates are valid.

The actions/checkout is now at v6.0.1, actions/setup-python v6.0.0, actions/setup-node v6.0.0, and actions/cache v5 which runs on Node.js 24. All updated versions exist and are the current stable releases.

Runner compatibility note: actions/cache@v5 requires a minimum Actions Runner version of 2.327.1. actions/checkout@v6 requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios. GitHub-hosted runners (ubuntu-latest) should already meet these requirements, but verify self-hosted runner versions if applicable.

Also applies to: 55-55, 60-60, 97-97, 110-110, 143-143

.github/workflows/classic-autogpt-ci.yml (1)

64-64: LGTM! All action version updates are valid.

actions/upload-artifact@v6 now runs on Node.js 24 and requires a minimum Actions Runner version of 2.327.1. Combined with the checkout, setup-python, and cache updates, all versions are consistent with the latest stable releases.

The cross-platform matrix (ubuntu, macos, macos-arm64, windows) should work correctly with these updated action versions on GitHub-hosted runners.

Also applies to: 75-75, 86-86, 142-142

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

actions/checkout v6 GitHub Actions release

💡 Result:

Short summary — actions/checkout v6 (GitHub):

• Latest v6 tag: v6.0.2 (released Jan 9, 2026). [1]
• Major changes in v6:
  • persist-credentials now stores credentials in a separate file under $RUNNER_TEMP (improved credential security). [1][2]
  • No workflow changes required for ordinary git operations (git fetch, git push continue to work). [2]
  • Running authenticated git commands from a Docker container action requires Actions Runner v2.329.0 or later. [2][3]

Use: - uses: actions/checkout@v6. [2]

Sources:

• actions/checkout releases page (v6.0.2, v6.0.1, v6.0.0). [1]
• actions/checkout README / changelog (v6 what's new & usage). [2]
• GitHub Marketplace listing for Checkout (notes about runner requirement). [3]

---

🌐 Web query:

actions/setup-node v6 GitHub Actions release

💡 Result:

actions/setup-node v6 was released (see releases) — main points:

• v6.0.0 (release notes): breaking changes — automatic npm caching behavior changed (automatic npm cache enabled when package.json has packageManager/devEngines set to npm) and the deprecated always-auth input was removed. [1]
• v6.1.0: follow-up patch with dependency updates and removal of always-auth handling. [1]
• The repo README documents the v6 breaking changes and new caching defaults and usage examples (use package-manager-cache to opt out). [2]

Sources:
[1] actions/setup-node releases.
[2] actions/setup-node README / usage notes.

---

Review actions/checkout@v6 and actions/setup-node@v6 for breaking changes before merging.

Both versions exist (checkout v6.0.2, setup-node v6.0.0+) and include breaking changes:

• actions/checkout@v6: persist-credentials now stores credentials in a separate file. Running authenticated git commands from Docker container actions requires Actions Runner v2.329.0 or later.
• actions/setup-node@v6: Automatic npm caching behavior changed (now enabled when packageManager or devEngines is set to npm in package.json); the deprecated always-auth input was removed.

Verify your CI/CD workflows don't rely on the removed always-auth input and confirm Actions Runner version meets the Docker container requirement if applicable.

🤖 Prompt for AI Agents

In @.github/workflows/platform-frontend-ci.yml around lines 33 - 36, Update the
workflow to account for breaking changes in actions/checkout@v6 and
actions/setup-node@v6: verify and, if needed, pin or roll back the uses entries
for actions/checkout@v6 and actions/setup-node@v6; ensure any logic that
depended on the old persist-credentials behavior is updated (or set
persist-credentials explicitly / upgrade Actions Runner to v2.329.0+ if you need
authenticated git inside Docker); remove any use of the removed always-auth
input for setup-node and adjust npm caching behavior by setting packageManager
or devEngines in package.json or configuring setup-node cache inputs to achieve
the previous behavior.

[Pwuts]

Hi there, thanks for making this pull request!

I'm not sure why but the frontend CI seems very unhappy with these changes. Please make sure the "AutoGPT Platform - Frontend CI" passes, otherwise we can't merge this.

Also, while you are right the listed action usages have newer major versions available, that doesn't make them deprecated. I've checked some of them and the versions we currently use are still fairly recent, most of them only a few months old.

[pgoslatara]

@Pwuts Can you re-run the "AutoGPT Platform - Frontend CI" test? I didn't change anything that should impact the test so I'm puzzled as to why it failed and wonder if it was a one-off.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Inconsistent upload-artifact version update in same workflow

Medium Severity

The PR updates one actions/upload-artifact usage to v6 at line 242 ("Upload Playwright report") but misses updating the second usage at line 251 ("Upload Playwright test results"), which remains at v4. This creates an inconsistent state where the same workflow file uses two different major versions of the same action. Since artifact actions v4 and v6 may have different behaviors or APIs, this could lead to subtle inconsistencies between the two artifact upload steps.

Additional Locations (1)

• .github/workflows/platform-frontend-ci.yml#L241-L242

 

[ntindle]

Hey mate -- this seems ai generated and thus not a high bar to close and if not -- theres a lot more work to be done. lmk how you want to handle that but closing for now