Skip to content

ci: use versioned upload-artifact instead of master; bump codeql-action to v4; bump upload-artifact to v5 #180

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
richm merged 1 commit into from
Nov 3, 2025
Merged

ci: use versioned upload-artifact instead of master; bump codeql-action to v4; bump upload-artifact to v5 #180

richm merged 1 commit into from
Nov 3, 2025

Conversation

@richm
Copy link
Contributor

@richm richm commented Nov 3, 2025
edited by sourcery-ai bot
Loading

use versioned upload-artifact instead of master

bump codeql-action from v3 to v4

bump upload-artifact from v4 to v5

Signed-off-by: Rich Megginson rmeggins@redhat.com

Summary by Sourcery

Update CI workflows to use specific action versions for improved stability and security

CI:

  • Replace actions/upload-artifact@master with actions/upload-artifact@v5 in build_docs and test_converting_readme workflows
  • Bump github/codeql-action from v3 to v4

@richm
ci: use versioned upload-artifact instead of master; bump codeql-acti…
26987bf 
…on to v4; bump upload-artifact to v5

use versioned upload-artifact instead of master

bump codeql-action from v3 to v4

bump upload-artifact from v4 to v5

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
@richm richm requested a review from spetrosi as a code owner November 3, 2025 10:23
@richm richm self-assigned this Nov 3, 2025
sourcery-ai[bot]
sourcery-ai bot reviewed Nov 3, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes - here's some feedback:

  • Ensure that the bump to codeql-action v4 is reflected in all relevant workflows to avoid version mismatches.
  • Consider pinning actions to a specific commit SHA rather than a floating tag for more reproducible CI runs.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- Ensure that the bump to codeql-action v4 is reflected in all relevant workflows to avoid version mismatches.
- Consider pinning actions to a specific commit SHA rather than a floating tag for more reproducible CI runs.
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@richm richm merged commit d7b114a into main Nov 3, 2025
17 of 22 checks passed
@richm richm deleted the ci-update-20251103 branch November 3, 2025 10:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@spetrosi spetrosi Awaiting requested review from spetrosi spetrosi is a code owner

Assignees

@richm richm

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@richm