Skip to content

⬆️ Update actions/checkout action to v7#598

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/actions-checkout-7.x
Open

⬆️ Update actions/checkout action to v7#598
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/actions-checkout-7.x

Conversation

@renovate

@renovate renovate Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/checkout action major v6.0.3v7.0.0

Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

v7

Compare Source

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@greptile-apps

greptile-apps Bot commented Jun 18, 2026

Copy link
Copy Markdown

Greptile Summary

Bumps actions/checkout from v6.0.3 to v7.0.0 across all five GitHub Actions workflow files. The only behaviorally notable change in v7 is that it blocks checking out fork PR code when triggered via pull_request_target or workflow_run events — a security improvement.

  • docker.yml uses a workflow_run trigger, so it is technically in scope for v7's new fork-PR checkout blocking. However, this pipeline publishes Docker images after "Upload Python Package" completes, so it is never expected to be driven by a fork PR — the new guard has no practical effect.
  • All other workflows (docs.yml, markdown-code-runner.yml, pytest.yml, release.yml) use push, pull_request, or release triggers, which are entirely unaffected by the v7 change.

Confidence Score: 5/5

Safe to merge — all changes are version string updates with no logic modifications.

Every change in this PR is a single-line version bump from v6.0.3 to v7.0.0. The only meaningful behavioral addition in v7 is fork-PR checkout blocking for workflow_run and pull_request_target events. The one affected workflow (docker.yml) is a Docker-publishing pipeline that triggers after a successful package upload and is never invoked by fork PRs, so the new guard is a net security improvement with zero disruption risk.

No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/docker.yml Updates actions/checkout from v6.0.3 to v7.0.0; this workflow uses a workflow_run trigger, which is one of the two event types where v7 adds fork-PR checkout blocking — a positive security hardening with no functional impact here since this is a Docker publishing pipeline, not a PR-driven workflow.
.github/workflows/docs.yml Updates actions/checkout from v6.0.3 to v7.0.0; uses push/pull_request triggers unaffected by v7's new fork-PR blocking behavior.
.github/workflows/markdown-code-runner.yml Updates actions/checkout from v6.0.3 to v7.0.0; straightforward bump on a push/pull_request triggered workflow with no behavioral changes expected.
.github/workflows/pytest.yml Updates actions/checkout from v6.0.3 to v7.0.0; push/pull_request trigger is unaffected by v7 changes.
.github/workflows/release.yml Updates actions/checkout from v6.0.3 to v7.0.0 in both deploy and release jobs; triggered on release events only, fully unaffected by v7 fork-PR behavioral changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[actions/checkout v6.0.3] -->|upgraded to| B[actions/checkout v7.0.0]

    B --> C[docker.yml\nworkflow_run trigger]
    B --> D[docs.yml\npush / pull_request]
    B --> E[markdown-code-runner.yml\npush / pull_request]
    B --> F[pytest.yml\npush / pull_request]
    B --> G[release.yml\nrelease event]

    C --> H{Fork PR checkout\nblocking in v7}
    H -->|workflow_run in scope| I[No impact in practice\nPublishing pipeline,\nnever fork-PR driven]

    D --> J[No behavioral change]
    E --> J
    F --> J
    G --> J
Loading 
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[actions/checkout v6.0.3] -->|upgraded to| B[actions/checkout v7.0.0]

    B --> C[docker.yml\nworkflow_run trigger]
    B --> D[docs.yml\npush / pull_request]
    B --> E[markdown-code-runner.yml\npush / pull_request]
    B --> F[pytest.yml\npush / pull_request]
    B --> G[release.yml\nrelease event]

    C --> H{Fork PR checkout\nblocking in v7}
    H -->|workflow_run in scope| I[No impact in practice\nPublishing pipeline,\nnever fork-PR driven]

    D --> J[No behavioral change]
    E --> J
    F --> J
    G --> J
Loading

Reviews (1): Last reviewed commit: "⬆️ Update actions/checkout action to v7" | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies github_actions no-stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants