Sync repo templates ⚙

Sync with coreos/repo-templates@1912d5a.

Author: coreosbot

.github/ISSUE_TEMPLATE/release-checklist.md

@@ -106,13 +106,13 @@ Push access to the upstream repository is required in order to publish the new t
 
 - Fedora packaging:
   - [ ] Review the proposed changes in the PR submitted by Packit in [Fedora](https://src.fedoraproject.org/rpms/rust-coreos-installer/pull-requests).
-  - [ ] once the PR merges to rawhide, merge rawhide into the other relevant branches (e.g. f42) then push those, for example:
+  - [ ] once the PR merges to rawhide, merge rawhide into the other relevant branches (e.g. f43) then push those, for example:
     ```bash
     git checkout rawhide
     git pull --ff-only
-    git checkout f42
+    git checkout f43
     git merge --ff-only rawhide
-    git push origin f42
+    git push origin f43
     ```
   - [ ] on each of those branches run `fedpkg build`
   - [ ] once the builds have finished, submit them to [bodhi](https://bodhi.fedoraproject.org/updates/new), filling in:

.github/dependabot.yml

@@ -1,6 +1,10 @@
 # Maintained in https://github.com/coreos/repo-templates
 # Do not edit downstream.
 
+# Updates are grouped together by ecosystem in a single PR. An update can be
+# removed from a combined update PR via comments to dependabot:
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-for-grouped-updates-with-comment-commands
+
 version: 2
 updates:
   - package-ecosystem: "github-actions"
@@ -9,6 +13,10 @@ updates:
       interval: "weekly"
     labels: ["skip-notes"]
     open-pull-requests-limit: 3
+    groups:
+      actions:
+        patterns:
+          - "*"
   - package-ecosystem: cargo
     directory: /
     schedule:
@@ -18,9 +26,6 @@ updates:
       - dependency
       - skip-notes
 
-    # Group all updates together in a single PR. We can remove some
-    # updates from a combined update PR via comments to dependabot:
-    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-for-grouped-updates-with-comment-commands
     groups:
       build:
         patterns:

.github/workflows/container-rebuild.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.inputs.git-tag }}
       - name: Build and push container

.github/workflows/containers.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Build and push container
         uses: coreos/actions-lib/build-container@main
         with:

.github/workflows/rpm.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Install packages
         run: dnf install -y git make mock
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         # fetch tags for versioning
         with:
           fetch-depth: 0

.github/workflows/shellcheck.yml

@@ -16,7 +16,7 @@ jobs:
     container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       # https://github.com/actions/checkout/issues/760
       - name: Mark git checkout as safe
         run: git config --global --add safe.directory "$GITHUB_WORKSPACE"