diff --git a/.github/workflows/boulder-ci.yml b/.github/workflows/boulder-ci.yml index ec99a0e4516..90d13c17ba1 100644 --- a/.github/workflows/boulder-ci.yml +++ b/.github/workflows/boulder-ci.yml @@ -71,7 +71,7 @@ jobs: # Sequence of tasks that will be executed as part of the job. steps: # Checks out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false @@ -108,7 +108,7 @@ jobs: steps: # Checks out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false @@ -133,7 +133,7 @@ jobs: steps: # Checks out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/check-iana-registries.yml b/.github/workflows/check-iana-registries.yml index 4e78841633f..7506354c0c0 100644 --- a/.github/workflows/check-iana-registries.yml +++ b/.github/workflows/check-iana-registries.yml @@ -15,8 +15,9 @@ jobs: steps: - name: Checkout iana/data from main branch - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: + persist-credentials: false sparse-checkout: iana/data # If the branch already exists, this will fail, which will remind us about diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3d37465950b..216650cdafd 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -18,7 +18,9 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 + with: + persist-credentials: false - name: Initialize CodeQL uses: github/codeql-action/init@v4 - name: Autobuild diff --git a/.github/workflows/cps-review.yml b/.github/workflows/cps-review.yml index c416fca66b8..6aa021eb411 100644 --- a/.github/workflows/cps-review.yml +++ b/.github/workflows/cps-review.yml @@ -18,14 +18,17 @@ jobs: go-version: "stable" - name: Checkout Upstream - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: + persist-credentials: false ref: ${{ github.event.pull_request.base.ref }} - name: Get Current Flags run: go run ./test/list-features/list-features.go | sort >| /tmp/currflags.txt - name: Checkout PR - uses: actions/checkout@v4 + uses: actions/checkout@v6 + with: + persist-credentials: false - name: Get PR Flags run: go run ./test/list-features/list-features.go | sort >| /tmp/prflags.txt diff --git a/.github/workflows/merged-to-main-or-release-branch.yml b/.github/workflows/merged-to-main-or-release-branch.yml index a1afad4f904..aacf553d701 100644 --- a/.github/workflows/merged-to-main-or-release-branch.yml +++ b/.github/workflows/merged-to-main-or-release-branch.yml @@ -14,6 +14,6 @@ jobs: name: Merged to main (or hotfix) runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dbfa6bec613..ee87484f739 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false fetch-depth: '0' # Needed for verify-release-ancestry.sh to see origin/main @@ -41,7 +41,7 @@ jobs: contents: write packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false fetch-depth: '0' # Needed for verify-release-ancestry.sh to see origin/main @@ -89,7 +89,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/try-release.yml b/.github/workflows/try-release.yml index b0c734174e8..0b5a371f1f3 100644 --- a/.github/workflows/try-release.yml +++ b/.github/workflows/try-release.yml @@ -23,7 +23,7 @@ jobs: - "1.25.5" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false