Skip to content

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set#2355

Merged
TingluoHuang merged 6 commits into
mainfrom
copilot/update-user-agent-with-orchestration-id
Jan 8, 2026
Merged

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set#2355
TingluoHuang merged 6 commits into
mainfrom
copilot/update-user-agent-with-orchestration-id

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Jan 8, 2026
edited by TingluoHuang
Loading

Plan: Add orchestration_id to git user-agent

Based on the reference PR (actions/toolkit#2229), I need to:

  • Update git-command-manager.ts to include orchestration ID in the GIT_HTTP_USER_AGENT
    • Add logic to check for ACTIONS_ORCHESTRATION_ID environment variable
    • Sanitize the orchestration ID (allow only: 0-9, a-z, _, -, .)
    • Append actions_orchestration_id/{sanitized_id} to the user agent if env var is set
    • Simplified validation to accept any non-empty sanitized value
  • Add tests for the new functionality
    • Test with orchestration ID set (with actual verification of user-agent content)
    • Test without orchestration ID set (with actual verification)
    • Test sanitization of invalid characters (with actual verification)
  • Run linter and build
  • Run tests to verify changes (94 tests passing)
  • Request code review (✅ No issues found)
  • Run security checks (✅ No vulnerabilities found)
  • Address review comments
    • Improved test assertions to verify actual user-agent content
    • Simplified empty ID handling per feedback
    • Removed test for edge case per feedback

Summary

This PR successfully implements orchestration ID support in the git user-agent for the checkout action. The implementation:

✅ Follows the same pattern as actions/toolkit#2229
✅ Sanitizes orchestration ID values for security (allows only: 0-9, a-z, _, -, .)
✅ Accepts any non-empty sanitized value
✅ Includes comprehensive test coverage (3 new tests with actual assertions, all passing)
✅ Passes all existing tests (94/94 passing)
✅ Passes linter and format checks
✅ Has no security vulnerabilities
✅ Has no code review issues

The git user-agent will now include actions_orchestration_id/{sanitized_id} when the ACTIONS_ORCHESTRATION_ID environment variable is set and results in a non-empty string after sanitization.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

https://github.com/github/actions-runtime/issues/5389

@TingluoHuang
Add orchestration ID support to git user-agent
d4d52a9 
Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
Copilot AI changed the title [WIP] Update user-agent to include orchestration_id when env is set Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set Jan 8, 2026
Copilot AI requested a review from TingluoHuang January 8, 2026 14:53
@TingluoHuang TingluoHuang marked this pull request as ready for review January 8, 2026 15:01
Copilot AI review requested due to automatic review settings January 8, 2026 15:01
Copilot AI reviewed Jan 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds support for appending an orchestration ID to the Git HTTP user-agent string when the ACTIONS_ORCHESTRATION_ID environment variable is set, matching the implementation in actions/toolkit#2229.

Key Changes:

  • Read ACTIONS_ORCHESTRATION_ID from environment variables and sanitize it to allow only alphanumeric characters, underscores, hyphens, and periods
  • Append the sanitized orchestration ID as actions_orchestration_id/{sanitized_id} to the Git HTTP user-agent
  • Add test coverage for orchestration ID presence, absence, and character sanitization scenarios

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.

File Description
src/git-command-manager.ts Implements orchestration ID reading, sanitization, and user-agent construction logic
dist/index.js Compiled/transpiled version of the TypeScript changes
test/git-command-manager.test.ts Adds test cases for orchestration ID scenarios (present, absent, sanitization)
Comments suppressed due to low confidence (2)

test/git-command-manager.test.ts:468

  • Consider adding test coverage for edge cases such as an empty string orchestration ID (ACTIONS_ORCHESTRATION_ID="") and an orchestration ID that becomes empty after sanitization (e.g., ACTIONS_ORCHESTRATION_ID="()///"). These edge cases could result in malformed user-agent strings like "git/2.18 (github-actions-checkout) actions_orchestration_id/".
})

test/git-command-manager.test.ts:415

  • The test should verify that the GIT_HTTP_USER_AGENT environment variable is actually set correctly with the orchestration ID. Currently, it only verifies that the git command manager was created successfully, but doesn't assert that the user-agent contains "actions_orchestration_id/test-orch-id-12345". Consider inspecting the options.env parameter passed to mockExec to verify the environment variable is set as expected.
    // The user agent should be set with orchestration ID
    // We can't directly inspect gitEnv, but we verify the git command was created successfully
    expect(git).toBeDefined()

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread __test__/git-command-manager.test.ts Outdated
Comment thread __test__/git-command-manager.test.ts Outdated
Comment thread src/git-command-manager.ts Outdated
@TingluoHuang
Apply suggestion from @Copilot
dbf1fa6 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@TingluoHuang
Copy link
Copy Markdown
Member

TingluoHuang commented Jan 8, 2026

@copilot apply changes based on the comments in this thread

@TingluoHuang
Improve tests to verify user-agent content and handle empty sanitized…
4b87797 
… IDs

Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Jan 8, 2026

@copilot apply changes based on the comments in this thread

Applied all changes from the review comments. Tests now verify actual user-agent content, and the code properly handles empty orchestration IDs by checking for at least one alphanumeric character. All 95 tests passing. Commit: 4b87797

TingluoHuang
TingluoHuang reviewed Jan 8, 2026
View reviewed changes
Comment thread src/git-command-manager.ts Outdated
@TingluoHuang
Simplify orchestration ID validation to accept any non-empty sanitize…
818b5b3 
…d value

Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
Copilot AI requested a review from TingluoHuang January 8, 2026 16:25
TingluoHuang
TingluoHuang reviewed Jan 8, 2026
View reviewed changes
Comment thread __test__/git-command-manager.test.ts Outdated
@TingluoHuang
Remove test for orchestration ID with only invalid characters
130335a 
Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
Copilot AI requested a review from TingluoHuang January 8, 2026 17:33
mergify Bot added a commit to ArcadeData/arcadedb-usecases that referenced this pull request Mar 2, 2026
@mergify
build(deps): bump actions/checkout from 4.2.2 to 6.0.2 [skip ci]
26dc3eb 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.2.
Release notes

*Sourced from [actions/checkout's releases](https://github.com/actions/checkout/releases).*

> v6.0.2
> ------
>
> What's Changed
> --------------
>
> * Add orchestration\_id to git user-agent when ACTIONS\_ORCHESTRATION\_ID is set by [`@​TingluoHuang`](https://github.com/TingluoHuang) in [actions/checkout#2355](https://redirect.github.com/actions/checkout/pull/2355)
> * Fix tag handling: preserve annotations and explicit fetch-tags by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2356](https://redirect.github.com/actions/checkout/pull/2356)
>
> **Full Changelog**: <actions/checkout@v6.0.1...v6.0.2>
>
> v6.0.1
> ------
>
> What's Changed
> --------------
>
> * Update all references from v5 and v4 to v6 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2314](https://redirect.github.com/actions/checkout/pull/2314)
> * Add worktree support for persist-credentials includeIf by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2327](https://redirect.github.com/actions/checkout/pull/2327)
> * Clarify v6 README by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2328](https://redirect.github.com/actions/checkout/pull/2328)
>
> **Full Changelog**: <actions/checkout@v6...v6.0.1>
>
> v6.0.0
> ------
>
> What's Changed
> --------------
>
> * Update README to include Node.js 24 support details and requirements by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2248](https://redirect.github.com/actions/checkout/pull/2248)
> * Persist creds to a separate file by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2286](https://redirect.github.com/actions/checkout/pull/2286)
> * v6-beta by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2298](https://redirect.github.com/actions/checkout/pull/2298)
> * update readme/changelog for v6 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2311](https://redirect.github.com/actions/checkout/pull/2311)
>
> **Full Changelog**: <actions/checkout@v5.0.0...v6.0.0>
>
> v6-beta
> -------
>
> What's Changed
> --------------
>
> Updated persist-credentials to store the credentials under `$RUNNER_TEMP` instead of directly in the local git config.
>
> This requires a minimum Actions Runner version of [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) to access the persisted credentials for [Docker container action](https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action) scenarios.
>
> v5.0.1
> ------
>
> What's Changed
> --------------
>
> * Port v6 cleanup to v5 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2301](https://redirect.github.com/actions/checkout/pull/2301)
>
> **Full Changelog**: <actions/checkout@v5...v5.0.1>
>
> v5.0.0
> ------
>
> What's Changed
> --------------
>
> * Update actions checkout to use node 24 by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2226](https://redirect.github.com/actions/checkout/pull/2226)
> * Prepare v5.0.0 release by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2238](https://redirect.github.com/actions/checkout/pull/2238)
>
> ⚠️ Minimum Compatible Runner Version
> ------------------------------------
>
> **v2.327.1**  
> [Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)

... (truncated)


Changelog

*Sourced from [actions/checkout's changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md).*

> Changelog
> =========
>
> v6.0.2
> ------
>
> * Fix tag handling: preserve annotations and explicit fetch-tags by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2356](https://redirect.github.com/actions/checkout/pull/2356)
>
> v6.0.1
> ------
>
> * Add worktree support for persist-credentials includeIf by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2327](https://redirect.github.com/actions/checkout/pull/2327)
>
> v6.0.0
> ------
>
> * Persist creds to a separate file by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2286](https://redirect.github.com/actions/checkout/pull/2286)
> * Update README to include Node.js 24 support details and requirements by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2248](https://redirect.github.com/actions/checkout/pull/2248)
>
> v5.0.1
> ------
>
> * Port v6 cleanup to v5 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2301](https://redirect.github.com/actions/checkout/pull/2301)
>
> v5.0.0
> ------
>
> * Update actions checkout to use node 24 by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2226](https://redirect.github.com/actions/checkout/pull/2226)
>
> v4.3.1
> ------
>
> * Port v6 cleanup to v4 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2305](https://redirect.github.com/actions/checkout/pull/2305)
>
> v4.3.0
> ------
>
> * docs: update README.md by [`@​motss`](https://github.com/motss) in [actions/checkout#1971](https://redirect.github.com/actions/checkout/pull/1971)
> * Add internal repos for checking out multiple repositories by [`@​mouismail`](https://github.com/mouismail) in [actions/checkout#1977](https://redirect.github.com/actions/checkout/pull/1977)
> * Documentation update - add recommended permissions to Readme by [`@​benwells`](https://github.com/benwells) in [actions/checkout#2043](https://redirect.github.com/actions/checkout/pull/2043)
> * Adjust positioning of user email note and permissions heading by [`@​joshmgross`](https://github.com/joshmgross) in [actions/checkout#2044](https://redirect.github.com/actions/checkout/pull/2044)
> * Update README.md by [`@​nebuk89`](https://github.com/nebuk89) in [actions/checkout#2194](https://redirect.github.com/actions/checkout/pull/2194)
> * Update CODEOWNERS for actions by [`@​TingluoHuang`](https://github.com/TingluoHuang) in [actions/checkout#2224](https://redirect.github.com/actions/checkout/pull/2224)
> * Update package dependencies by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2236](https://redirect.github.com/actions/checkout/pull/2236)
>
> v4.2.2
> ------
>
> * `url-helper.ts` now leverages well-known environment variables by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1941](https://redirect.github.com/actions/checkout/pull/1941)
> * Expand unit test coverage for `isGhes` by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1946](https://redirect.github.com/actions/checkout/pull/1946)
>
> v4.2.1
> ------
>
> * Check out other refs/\* by commit if provided, fall back to ref by [`@​orhantoy`](https://github.com/orhantoy) in [actions/checkout#1924](https://redirect.github.com/actions/checkout/pull/1924)
>
> v4.2.0
> ------
>
> * Add Ref and Commit outputs by [`@​lucacome`](https://github.com/lucacome) in [actions/checkout#1180](https://redirect.github.com/actions/checkout/pull/1180)
> * Dependency updates by [`@​dependabot`](https://github.com/dependabot)- [actions/checkout#1777](https://redirect.github.com/actions/checkout/pull/1777), [actions/checkout#1872](https://redirect.github.com/actions/checkout/pull/1872)
>
> v4.1.7
> ------
>
> * Bump the minor-npm-dependencies group across 1 directory with 4 updates by [`@​dependabot`](https://github.com/dependabot) in [actions/checkout#1739](https://redirect.github.com/actions/checkout/pull/1739)
> * Bump actions/checkout from 3 to 4 by [`@​dependabot`](https://github.com/dependabot) in [actions/checkout#1697](https://redirect.github.com/actions/checkout/pull/1697)
> * Check out other refs/\* by commit by [`@​orhantoy`](https://github.com/orhantoy) in [actions/checkout#1774](https://redirect.github.com/actions/checkout/pull/1774)
> * Pin actions/checkout's own workflows to a known, good, stable version. by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1776](https://redirect.github.com/actions/checkout/pull/1776)
>
> v4.1.6
> ------
>
> * Check platform to set archive extension appropriately by [`@​cory-miller`](https://github.com/cory-miller) in [actions/checkout#1732](https://redirect.github.com/actions/checkout/pull/1732)

... (truncated)


Commits

* [`de0fac2`](actions/checkout@de0fac2) Fix tag handling: preserve annotations and explicit fetch-tags ([#2356](https://redirect.github.com/actions/checkout/issues/2356))
* [`064fe7f`](actions/checkout@064fe7f) Add orchestration\_id to git user-agent when ACTIONS\_ORCHESTRATION\_ID is set (...
* [`8e8c483`](actions/checkout@8e8c483) Clarify v6 README ([#2328](https://redirect.github.com/actions/checkout/issues/2328))
* [`033fa0d`](actions/checkout@033fa0d) Add worktree support for persist-credentials includeIf ([#2327](https://redirect.github.com/actions/checkout/issues/2327))
* [`c2d88d3`](actions/checkout@c2d88d3) Update all references from v5 and v4 to v6 ([#2314](https://redirect.github.com/actions/checkout/issues/2314))
* [`1af3b93`](actions/checkout@1af3b93) update readme/changelog for v6 ([#2311](https://redirect.github.com/actions/checkout/issues/2311))
* [`71cf226`](actions/checkout@71cf226) v6-beta ([#2298](https://redirect.github.com/actions/checkout/issues/2298))
* [`069c695`](actions/checkout@069c695) Persist creds to a separate file ([#2286](https://redirect.github.com/actions/checkout/issues/2286))
* [`ff7abcd`](actions/checkout@ff7abcd) Update README to include Node.js 24 support details and requirements ([#2248](https://redirect.github.com/actions/checkout/issues/2248))
* [`08c6903`](actions/checkout@08c6903) Prepare v5.0.0 release ([#2238](https://redirect.github.com/actions/checkout/issues/2238))
* Additional commits viewable in [compare view](actions/checkout@v4.2.2...de0fac2)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=actions/checkout&package-manager=github\_actions&previous-version=4.2.2&new-version=6.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@github-actions github-actions Bot mentioned this pull request Mar 6, 2026
Merged
1 task
This was referenced Mar 11, 2026
Open
Open
Open
Merged
Closed
Open
Open
Open
Open
Open
Open
Merged
Merged
Merged
Merged
Open
Merged
@coderabbitai coderabbitai Bot mentioned this pull request Mar 26, 2026
Merged
mergify Bot added a commit to robfrank/kamal-accessories-updater that referenced this pull request Apr 24, 2026
@mergify
Bump the github-actions group across 1 directory with 3 updates [skip…
778ca56 
… ci]

Bumps the github-actions group with 3 updates in the / directory: [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request), [actions/checkout](https://github.com/actions/checkout) and [actions/setup-python](https://github.com/actions/setup-python).
Updates `peter-evans/create-pull-request` from 8.0.0 to 8.1.1
Release notes

*Sourced from [peter-evans/create-pull-request's releases](https://github.com/peter-evans/create-pull-request/releases).*

> Create Pull Request v8.1.1
> --------------------------
>
> What's Changed
> --------------
>
> * build(deps-dev): bump the npm group with 2 updates by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4305](https://redirect.github.com/peter-evans/create-pull-request/pull/4305)
> * build(deps): bump minimatch by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4311](https://redirect.github.com/peter-evans/create-pull-request/pull/4311)
> * build(deps): bump the github-actions group with 2 updates by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4316](https://redirect.github.com/peter-evans/create-pull-request/pull/4316)
> * build(deps): bump `@​tootallnate/once` and jest-environment-jsdom by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4323](https://redirect.github.com/peter-evans/create-pull-request/pull/4323)
> * build(deps-dev): bump undici from 6.23.0 to 6.24.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4328](https://redirect.github.com/peter-evans/create-pull-request/pull/4328)
> * build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4334](https://redirect.github.com/peter-evans/create-pull-request/pull/4334)
> * build(deps): bump picomatch by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4339](https://redirect.github.com/peter-evans/create-pull-request/pull/4339)
> * build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4344](https://redirect.github.com/peter-evans/create-pull-request/pull/4344)
> * build(deps-dev): bump the npm group with 3 updates by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4349](https://redirect.github.com/peter-evans/create-pull-request/pull/4349)
> * fix: retry post-creation API calls on 422 eventual consistency errors by [`@​peter-evans`](https://github.com/peter-evans) in [peter-evans/create-pull-request#4356](https://redirect.github.com/peter-evans/create-pull-request/pull/4356)
>
> **Full Changelog**: <peter-evans/create-pull-request@v8.1.0...v8.1.1>
>
> Create Pull Request v8.1.0
> --------------------------
>
> What's Changed
> --------------
>
> * README.md: bump given GitHub actions to their latest versions by [`@​deining`](https://github.com/deining) in [peter-evans/create-pull-request#4265](https://redirect.github.com/peter-evans/create-pull-request/pull/4265)
> * build(deps): bump the github-actions group with 2 updates by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4273](https://redirect.github.com/peter-evans/create-pull-request/pull/4273)
> * build(deps-dev): bump the npm group with 2 updates by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4274](https://redirect.github.com/peter-evans/create-pull-request/pull/4274)
> * build(deps-dev): bump undici from 6.22.0 to 6.23.0 by [`@​dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4284](https://redirect.github.com/peter-evans/create-pull-request/pull/4284)
> * Update distribution by [`@​actions-bot`](https://github.com/actions-bot) in [peter-evans/create-pull-request#4289](https://redirect.github.com/peter-evans/create-pull-request/pull/4289)
> * fix: Handle remote prune failures gracefully on self-hosted runners by [`@​peter-evans`](https://github.com/peter-evans) in [peter-evans/create-pull-request#4295](https://redirect.github.com/peter-evans/create-pull-request/pull/4295)
> * feat: add `@​octokit/plugin-retry` to handle retriable server errors by [`@​peter-evans`](https://github.com/peter-evans) in [peter-evans/create-pull-request#4298](https://redirect.github.com/peter-evans/create-pull-request/pull/4298)
>
> New Contributors
> ----------------
>
> * [`@​deining`](https://github.com/deining) made their first contribution in [peter-evans/create-pull-request#4265](https://redirect.github.com/peter-evans/create-pull-request/pull/4265)
>
> **Full Changelog**: <peter-evans/create-pull-request@v8.0.0...v8.1.0>


Commits

* [`5f6978f`](peter-evans/create-pull-request@5f6978f) fix: retry post-creation API calls on 422 eventual consistency errors ([#4356](https://redirect.github.com/peter-evans/create-pull-request/issues/4356))
* [`d32e88d`](peter-evans/create-pull-request@d32e88d) build(deps-dev): bump the npm group with 3 updates ([#4349](https://redirect.github.com/peter-evans/create-pull-request/issues/4349))
* [`8170bcc`](peter-evans/create-pull-request@8170bcc) build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 ([#4344](https://redirect.github.com/peter-evans/create-pull-request/issues/4344))
* [`0041819`](peter-evans/create-pull-request@0041819) build(deps): bump picomatch ([#4339](https://redirect.github.com/peter-evans/create-pull-request/issues/4339))
* [`b993918`](peter-evans/create-pull-request@b993918) build(deps-dev): bump flatted from 3.3.1 to 3.4.2 ([#4334](https://redirect.github.com/peter-evans/create-pull-request/issues/4334))
* [`36d7c84`](peter-evans/create-pull-request@36d7c84) build(deps-dev): bump undici from 6.23.0 to 6.24.0 ([#4328](https://redirect.github.com/peter-evans/create-pull-request/issues/4328))
* [`a45d1fb`](peter-evans/create-pull-request@a45d1fb) build(deps): bump `@​tootallnate/once` and jest-environment-jsdom ([#4323](https://redirect.github.com/peter-evans/create-pull-request/issues/4323))
* [`3499eb6`](peter-evans/create-pull-request@3499eb6) build(deps): bump the github-actions group with 2 updates ([#4316](https://redirect.github.com/peter-evans/create-pull-request/issues/4316))
* [`3f3b473`](peter-evans/create-pull-request@3f3b473) build(deps): bump minimatch ([#4311](https://redirect.github.com/peter-evans/create-pull-request/issues/4311))
* [`6699836`](peter-evans/create-pull-request@6699836) build(deps-dev): bump the npm group with 2 updates ([#4305](https://redirect.github.com/peter-evans/create-pull-request/issues/4305))
* Additional commits viewable in [compare view](peter-evans/create-pull-request@98357b1...5f6978f)
  
Updates `actions/checkout` from 6.0.1 to 6.0.2
Release notes

*Sourced from [actions/checkout's releases](https://github.com/actions/checkout/releases).*

> v6.0.2
> ------
>
> What's Changed
> --------------
>
> * Add orchestration\_id to git user-agent when ACTIONS\_ORCHESTRATION\_ID is set by [`@​TingluoHuang`](https://github.com/TingluoHuang) in [actions/checkout#2355](https://redirect.github.com/actions/checkout/pull/2355)
> * Fix tag handling: preserve annotations and explicit fetch-tags by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2356](https://redirect.github.com/actions/checkout/pull/2356)
>
> **Full Changelog**: <actions/checkout@v6.0.1...v6.0.2>


Changelog

*Sourced from [actions/checkout's changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md).*

> Changelog
> =========
>
> v6.0.2
> ------
>
> * Fix tag handling: preserve annotations and explicit fetch-tags by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2356](https://redirect.github.com/actions/checkout/pull/2356)
>
> v6.0.1
> ------
>
> * Add worktree support for persist-credentials includeIf by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2327](https://redirect.github.com/actions/checkout/pull/2327)
>
> v6.0.0
> ------
>
> * Persist creds to a separate file by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2286](https://redirect.github.com/actions/checkout/pull/2286)
> * Update README to include Node.js 24 support details and requirements by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2248](https://redirect.github.com/actions/checkout/pull/2248)
>
> v5.0.1
> ------
>
> * Port v6 cleanup to v5 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2301](https://redirect.github.com/actions/checkout/pull/2301)
>
> v5.0.0
> ------
>
> * Update actions checkout to use node 24 by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2226](https://redirect.github.com/actions/checkout/pull/2226)
>
> v4.3.1
> ------
>
> * Port v6 cleanup to v4 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2305](https://redirect.github.com/actions/checkout/pull/2305)
>
> v4.3.0
> ------
>
> * docs: update README.md by [`@​motss`](https://github.com/motss) in [actions/checkout#1971](https://redirect.github.com/actions/checkout/pull/1971)
> * Add internal repos for checking out multiple repositories by [`@​mouismail`](https://github.com/mouismail) in [actions/checkout#1977](https://redirect.github.com/actions/checkout/pull/1977)
> * Documentation update - add recommended permissions to Readme by [`@​benwells`](https://github.com/benwells) in [actions/checkout#2043](https://redirect.github.com/actions/checkout/pull/2043)
> * Adjust positioning of user email note and permissions heading by [`@​joshmgross`](https://github.com/joshmgross) in [actions/checkout#2044](https://redirect.github.com/actions/checkout/pull/2044)
> * Update README.md by [`@​nebuk89`](https://github.com/nebuk89) in [actions/checkout#2194](https://redirect.github.com/actions/checkout/pull/2194)
> * Update CODEOWNERS for actions by [`@​TingluoHuang`](https://github.com/TingluoHuang) in [actions/checkout#2224](https://redirect.github.com/actions/checkout/pull/2224)
> * Update package dependencies by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2236](https://redirect.github.com/actions/checkout/pull/2236)
>
> v4.2.2
> ------
>
> * `url-helper.ts` now leverages well-known environment variables by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1941](https://redirect.github.com/actions/checkout/pull/1941)
> * Expand unit test coverage for `isGhes` by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1946](https://redirect.github.com/actions/checkout/pull/1946)
>
> v4.2.1
> ------
>
> * Check out other refs/\* by commit if provided, fall back to ref by [`@​orhantoy`](https://github.com/orhantoy) in [actions/checkout#1924](https://redirect.github.com/actions/checkout/pull/1924)
>
> v4.2.0
> ------
>
> * Add Ref and Commit outputs by [`@​lucacome`](https://github.com/lucacome) in [actions/checkout#1180](https://redirect.github.com/actions/checkout/pull/1180)
> * Dependency updates by [`@​dependabot`](https://github.com/dependabot)- [actions/checkout#1777](https://redirect.github.com/actions/checkout/pull/1777), [actions/checkout#1872](https://redirect.github.com/actions/checkout/pull/1872)
>
> v4.1.7
> ------
>
> * Bump the minor-npm-dependencies group across 1 directory with 4 updates by [`@​dependabot`](https://github.com/dependabot) in [actions/checkout#1739](https://redirect.github.com/actions/checkout/pull/1739)
> * Bump actions/checkout from 3 to 4 by [`@​dependabot`](https://github.com/dependabot) in [actions/checkout#1697](https://redirect.github.com/actions/checkout/pull/1697)
> * Check out other refs/\* by commit by [`@​orhantoy`](https://github.com/orhantoy) in [actions/checkout#1774](https://redirect.github.com/actions/checkout/pull/1774)
> * Pin actions/checkout's own workflows to a known, good, stable version. by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1776](https://redirect.github.com/actions/checkout/pull/1776)
>
> v4.1.6
> ------
>
> * Check platform to set archive extension appropriately by [`@​cory-miller`](https://github.com/cory-miller) in [actions/checkout#1732](https://redirect.github.com/actions/checkout/pull/1732)

... (truncated)


Commits

* [`de0fac2`](actions/checkout@de0fac2) Fix tag handling: preserve annotations and explicit fetch-tags ([#2356](https://redirect.github.com/actions/checkout/issues/2356))
* [`064fe7f`](actions/checkout@064fe7f) Add orchestration\_id to git user-agent when ACTIONS\_ORCHESTRATION\_ID is set (...
* See full diff in [compare view](actions/checkout@8e8c483...de0fac2)
  
Updates `actions/setup-python` from 6.1.0 to 6.2.0
Release notes

*Sourced from [actions/setup-python's releases](https://github.com/actions/setup-python/releases).*

> v6.2.0
> ------
>
> What's Changed
> --------------
>
> ### Dependency Upgrades
>
> * Upgrade dependencies to Node 24 compatible versions by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/setup-python#1259](https://redirect.github.com/actions/setup-python/pull/1259)
> * Upgrade urllib3 from 2.5.0 to 2.6.3 in `/__tests__/data` by [`@​dependabot`](https://github.com/dependabot) in [actions/setup-python#1253](https://redirect.github.com/actions/setup-python/pull/1253) and [actions/setup-python#1264](https://redirect.github.com/actions/setup-python/pull/1264)
>
> **Full Changelog**: <actions/setup-python@v6...v6.2.0>


Commits

* [`a309ff8`](actions/setup-python@a309ff8) Bump urllib3 from 2.6.0 to 2.6.3 in /**tests**/data ([#1264](https://redirect.github.com/actions/setup-python/issues/1264))
* [`bfe8cc5`](actions/setup-python@bfe8cc5) Upgrade [`@​actions`](https://github.com/actions) dependencies to Node 24 compatible versions ([#1259](https://redirect.github.com/actions/setup-python/issues/1259))
* [`4f41a90`](actions/setup-python@4f41a90) Bump urllib3 from 2.5.0 to 2.6.0 in /**tests**/data ([#1253](https://redirect.github.com/actions/setup-python/issues/1253))
* See full diff in [compare view](actions/setup-python@83679a8...a309ff8)
  
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore  major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore  minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore  ` will remove the ignore condition of the specified dependency and ignore conditions
mergify Bot added a commit to ArcadeData/arcadedb-deployments that referenced this pull request Apr 29, 2026
@mergify
build(deps): bump actions/checkout from 4.3.1 to 6.0.2 [skip ci]
f91be08 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.3.1 to 6.0.2.
Release notes

*Sourced from [actions/checkout's releases](https://github.com/actions/checkout/releases).*

> v6.0.2
> ------
>
> What's Changed
> --------------
>
> * Add orchestration\_id to git user-agent when ACTIONS\_ORCHESTRATION\_ID is set by [`@​TingluoHuang`](https://github.com/TingluoHuang) in [actions/checkout#2355](https://redirect.github.com/actions/checkout/pull/2355)
> * Fix tag handling: preserve annotations and explicit fetch-tags by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2356](https://redirect.github.com/actions/checkout/pull/2356)
>
> **Full Changelog**: <actions/checkout@v6.0.1...v6.0.2>
>
> v6.0.1
> ------
>
> What's Changed
> --------------
>
> * Update all references from v5 and v4 to v6 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2314](https://redirect.github.com/actions/checkout/pull/2314)
> * Add worktree support for persist-credentials includeIf by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2327](https://redirect.github.com/actions/checkout/pull/2327)
> * Clarify v6 README by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2328](https://redirect.github.com/actions/checkout/pull/2328)
>
> **Full Changelog**: <actions/checkout@v6...v6.0.1>
>
> v6.0.0
> ------
>
> What's Changed
> --------------
>
> * Update README to include Node.js 24 support details and requirements by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2248](https://redirect.github.com/actions/checkout/pull/2248)
> * Persist creds to a separate file by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2286](https://redirect.github.com/actions/checkout/pull/2286)
> * v6-beta by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2298](https://redirect.github.com/actions/checkout/pull/2298)
> * update readme/changelog for v6 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2311](https://redirect.github.com/actions/checkout/pull/2311)
>
> **Full Changelog**: <actions/checkout@v5.0.0...v6.0.0>
>
> v6-beta
> -------
>
> What's Changed
> --------------
>
> Updated persist-credentials to store the credentials under `$RUNNER_TEMP` instead of directly in the local git config.
>
> This requires a minimum Actions Runner version of [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) to access the persisted credentials for [Docker container action](https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action) scenarios.
>
> v5.0.1
> ------
>
> What's Changed
> --------------
>
> * Port v6 cleanup to v5 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2301](https://redirect.github.com/actions/checkout/pull/2301)
>
> **Full Changelog**: <actions/checkout@v5...v5.0.1>
>
> v5.0.0
> ------
>
> What's Changed
> --------------
>
> * Update actions checkout to use node 24 by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2226](https://redirect.github.com/actions/checkout/pull/2226)
> * Prepare v5.0.0 release by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2238](https://redirect.github.com/actions/checkout/pull/2238)
>
> ⚠️ Minimum Compatible Runner Version
> ------------------------------------
>
> **v2.327.1**  
> [Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)

... (truncated)


Changelog

*Sourced from [actions/checkout's changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md).*

> Changelog
> =========
>
> v6.0.2
> ------
>
> * Fix tag handling: preserve annotations and explicit fetch-tags by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2356](https://redirect.github.com/actions/checkout/pull/2356)
>
> v6.0.1
> ------
>
> * Add worktree support for persist-credentials includeIf by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2327](https://redirect.github.com/actions/checkout/pull/2327)
>
> v6.0.0
> ------
>
> * Persist creds to a separate file by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2286](https://redirect.github.com/actions/checkout/pull/2286)
> * Update README to include Node.js 24 support details and requirements by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2248](https://redirect.github.com/actions/checkout/pull/2248)
>
> v5.0.1
> ------
>
> * Port v6 cleanup to v5 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2301](https://redirect.github.com/actions/checkout/pull/2301)
>
> v5.0.0
> ------
>
> * Update actions checkout to use node 24 by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2226](https://redirect.github.com/actions/checkout/pull/2226)
>
> v4.3.1
> ------
>
> * Port v6 cleanup to v4 by [`@​ericsciple`](https://github.com/ericsciple) in [actions/checkout#2305](https://redirect.github.com/actions/checkout/pull/2305)
>
> v4.3.0
> ------
>
> * docs: update README.md by [`@​motss`](https://github.com/motss) in [actions/checkout#1971](https://redirect.github.com/actions/checkout/pull/1971)
> * Add internal repos for checking out multiple repositories by [`@​mouismail`](https://github.com/mouismail) in [actions/checkout#1977](https://redirect.github.com/actions/checkout/pull/1977)
> * Documentation update - add recommended permissions to Readme by [`@​benwells`](https://github.com/benwells) in [actions/checkout#2043](https://redirect.github.com/actions/checkout/pull/2043)
> * Adjust positioning of user email note and permissions heading by [`@​joshmgross`](https://github.com/joshmgross) in [actions/checkout#2044](https://redirect.github.com/actions/checkout/pull/2044)
> * Update README.md by [`@​nebuk89`](https://github.com/nebuk89) in [actions/checkout#2194](https://redirect.github.com/actions/checkout/pull/2194)
> * Update CODEOWNERS for actions by [`@​TingluoHuang`](https://github.com/TingluoHuang) in [actions/checkout#2224](https://redirect.github.com/actions/checkout/pull/2224)
> * Update package dependencies by [`@​salmanmkc`](https://github.com/salmanmkc) in [actions/checkout#2236](https://redirect.github.com/actions/checkout/pull/2236)
>
> v4.2.2
> ------
>
> * `url-helper.ts` now leverages well-known environment variables by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1941](https://redirect.github.com/actions/checkout/pull/1941)
> * Expand unit test coverage for `isGhes` by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1946](https://redirect.github.com/actions/checkout/pull/1946)
>
> v4.2.1
> ------
>
> * Check out other refs/\* by commit if provided, fall back to ref by [`@​orhantoy`](https://github.com/orhantoy) in [actions/checkout#1924](https://redirect.github.com/actions/checkout/pull/1924)
>
> v4.2.0
> ------
>
> * Add Ref and Commit outputs by [`@​lucacome`](https://github.com/lucacome) in [actions/checkout#1180](https://redirect.github.com/actions/checkout/pull/1180)
> * Dependency updates by [`@​dependabot`](https://github.com/dependabot)- [actions/checkout#1777](https://redirect.github.com/actions/checkout/pull/1777), [actions/checkout#1872](https://redirect.github.com/actions/checkout/pull/1872)
>
> v4.1.7
> ------
>
> * Bump the minor-npm-dependencies group across 1 directory with 4 updates by [`@​dependabot`](https://github.com/dependabot) in [actions/checkout#1739](https://redirect.github.com/actions/checkout/pull/1739)
> * Bump actions/checkout from 3 to 4 by [`@​dependabot`](https://github.com/dependabot) in [actions/checkout#1697](https://redirect.github.com/actions/checkout/pull/1697)
> * Check out other refs/\* by commit by [`@​orhantoy`](https://github.com/orhantoy) in [actions/checkout#1774](https://redirect.github.com/actions/checkout/pull/1774)
> * Pin actions/checkout's own workflows to a known, good, stable version. by [`@​jww3`](https://github.com/jww3) in [actions/checkout#1776](https://redirect.github.com/actions/checkout/pull/1776)
>
> v4.1.6
> ------
>
> * Check platform to set archive extension appropriately by [`@​cory-miller`](https://github.com/cory-miller) in [actions/checkout#1732](https://redirect.github.com/actions/checkout/pull/1732)

... (truncated)


Commits

* [`de0fac2`](actions/checkout@de0fac2) Fix tag handling: preserve annotations and explicit fetch-tags ([#2356](https://redirect.github.com/actions/checkout/issues/2356))
* [`064fe7f`](actions/checkout@064fe7f) Add orchestration\_id to git user-agent when ACTIONS\_ORCHESTRATION\_ID is set (...
* [`8e8c483`](actions/checkout@8e8c483) Clarify v6 README ([#2328](https://redirect.github.com/actions/checkout/issues/2328))
* [`033fa0d`](actions/checkout@033fa0d) Add worktree support for persist-credentials includeIf ([#2327](https://redirect.github.com/actions/checkout/issues/2327))
* [`c2d88d3`](actions/checkout@c2d88d3) Update all references from v5 and v4 to v6 ([#2314](https://redirect.github.com/actions/checkout/issues/2314))
* [`1af3b93`](actions/checkout@1af3b93) update readme/changelog for v6 ([#2311](https://redirect.github.com/actions/checkout/issues/2311))
* [`71cf226`](actions/checkout@71cf226) v6-beta ([#2298](https://redirect.github.com/actions/checkout/issues/2298))
* [`069c695`](actions/checkout@069c695) Persist creds to a separate file ([#2286](https://redirect.github.com/actions/checkout/issues/2286))
* [`ff7abcd`](actions/checkout@ff7abcd) Update README to include Node.js 24 support details and requirements ([#2248](https://redirect.github.com/actions/checkout/issues/2248))
* [`08c6903`](actions/checkout@08c6903) Prepare v5.0.0 release ([#2238](https://redirect.github.com/actions/checkout/issues/2238))
* Additional commits viewable in [compare view](actions/checkout@34e1148...de0fac2)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=actions/checkout&package-manager=github\_actions&previous-version=4.3.1&new-version=6.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@YumNumm YumNumm mentioned this pull request May 12, 2026
Closed
This was referenced May 15, 2026
Merged
Merged
Merged
Merged
Closed
talcoh2x added a commit to Elmnt-Internal/checkout that referenced this pull request May 20, 2026
@talcoh2x @yasonk
@lucacome @dependabot @joshmgross @orhantoy @Jcambass @jww3 @easyt @motss @mouismail @nebuk89 @TingluoHuang @salmanmkc @ericsciple @yaananth
Update README and bump package dependencies for releases (#1)
a215b85 
* Provide explanation for where user email came from (actions#1869)

* Provide explanation for where user email came from

* bringing back the newline

* Add Ref and Commit outputs (actions#1180)

Signed-off-by: Luca Comellini <luca.com@gmail.com>

* Bump the minor-npm-dependencies group across 1 directory with 4 updates (actions#1872)

* Bump the minor-npm-dependencies group across 1 directory with 4 updates

Bumps the minor-npm-dependencies group with 4 updates in the / directory: [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest), [prettier](https://github.com/prettier/prettier), [ts-jest](https://github.com/kulshekhar/ts-jest) and [typescript](https://github.com/Microsoft/TypeScript).


Updates `eslint-plugin-jest` from 28.5.0 to 28.8.2
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](jest-community/eslint-plugin-jest@v28.5.0...v28.8.2)

Updates `prettier` from 3.2.5 to 3.3.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.2.5...3.3.3)

Updates `ts-jest` from 29.1.2 to 29.2.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.1.2...v29.2.5)

Updates `typescript` from 5.4.5 to 5.5.4
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](microsoft/TypeScript@v5.4.5...v5.5.4)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* `npm run build`

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>

* Bump braces from 3.0.2 to 3.0.3 (actions#1777)

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Prepare 4.2.0 release (actions#1878)

* Bump package version to 4.1.8

* Add v4.1.8 changelog

* Bump version to `4.2.0`

* Check out other refs/* by commit if provided, fall back to ref (actions#1924)

* Add workflow file for publishing releases to immutable action package (actions#1919)

This workflow file publishes new action releases to the immutable action package of the same name as this repo.

This is part of the Immutable Actions project which is not yet fully released to the public. First party actions like this one are part of our initial testing of this feature.

* Prepare 4.2.1 release (actions#1925)

* `url-helper.ts` now leverages well-known environment variables. (actions#1941)

* `utl-helper.ts` now leverages well-known environment variables.

---------
Co-authored-by: Erez Testiler <easyt@github.com>

* Expand unit test coverage (actions#1946)

* Prepare 4.2.2 Release (actions#1953)

* Prepare 4.2.2 Release

---------

Co-authored-by: Josh Gross <joshmgross@github.com>

* docs: update README.md (actions#1971)

Add a scenario where it is necessary to push a commit to a pull request.

* Update README.md (actions#1977)

* Documentation update - add recommended permissions to Readme (actions#2043)

* Update README.md

* Update README.md

Co-authored-by: Josh Gross <joshmgross@github.com>

---------

Co-authored-by: Josh Gross <joshmgross@github.com>

* Adjust positioning of user email note and permissions heading (actions#2044)

* Update README.md (actions#2194)

* Update CODEOWNERS for actions (actions#2224)

* Update package dependencies (actions#2236)

* package updates

* update dist

* Update license files

* Prepare release v4.3.0 (actions#2237)

* Update actions checkout to use node 24 (actions#2226)

* use node 24

* update other parts to node 24

* bump to major version, audit fix, changelog

* update licenses

* update dist

* update major version

* will do separate pr for v5 and will do a minor version for previous changes

* Prepare v5.0.0 release (actions#2238)

* Update README to include Node.js 24 support details and requirements (actions#2248)

* Update README to include Node.js 24 support details and requirements

* Update

* Persist creds to a separate file (actions#2286)

* v6-beta (actions#2298)

* update readme/changelog for v6 (actions#2311)

* Update all references from v5 and v4 to v6 (actions#2314)

- Updated README.md examples to reference @v6
- Updated all workflow files to use actions/checkout@v6

* Add worktree support for persist-credentials includeIf (actions#2327)

* Clarify v6 README (actions#2328)

* Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (actions#2355)

* Initial plan

* Add orchestration ID support to git user-agent

Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Improve tests to verify user-agent content and handle empty sanitized IDs

Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>

* Simplify orchestration ID validation to accept any non-empty sanitized value

Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>

* Remove test for orchestration ID with only invalid characters

Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Fix tag handling: preserve annotations and explicit fetch-tags (actions#2356)

This PR fixes several issues with tag handling in the checkout action:

1. fetch-tags: true now works (fixes actions#1471)
   - Tags refspec is now included in getRefSpec() when fetchTags=true
   - Previously tags were only fetched during a separate fetch that was
     overwritten by the main fetch

2. Tag checkout preserves annotations (fixes actions#290)
   - Tags are fetched via refspec (+refs/tags/*:refs/tags/*) instead of
     --tags flag
   - This fetches the actual tag objects, preserving annotations

3. Tag checkout with fetch-tags: true no longer fails (fixes actions#1467)
   - When checking out a tag with fetchTags=true, only the wildcard
     refspec is used (specific tag refspec is redundant)

Changes:
- src/ref-helper.ts: getRefSpec() now accepts fetchTags parameter and
  prepends tags refspec when true
- src/git-command-manager.ts: fetch() simplified to always use --no-tags,
  tags are fetched explicitly via refspec
- src/git-source-provider.ts: passes fetchTags to getRefSpec()
- Added E2E test for fetch-tags option

Related actions#1471, actions#1467, actions#290

* Update changelog (actions#2357)

* fix: expand merge commit SHA regex and add SHA-256 test cases (actions#2414)

* fix: expand merge commit SHA regex and add SHA-256 test cases

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: add checkCommitInfo SHA coverage

Add checkCommitInfo tests for SHA-1 and SHA-256 merge messages and reject invalid 50-character hex merge heads.\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* style: fix Prettier formatting in test and source files

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Signed-off-by: Luca Comellini <luca.com@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: yasonk <yason@hey.com>
Co-authored-by: Luca Comellini <luca.com@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Orhan Toy <orhantoy@github.com>
Co-authored-by: Joel Ambass <Jcambass@users.noreply.github.com>
Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com>
Co-authored-by: Erez Testiler <easyt@github.com>
Co-authored-by: The web walker <contact@motss.app>
Co-authored-by: Mohammad Ismail <96207520+mouismail@users.noreply.github.com>
Co-authored-by: Ben Wells <benwells@github.com>
Co-authored-by: Ben De St Paer-Gotch <nebuk89@github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
Co-authored-by: Salman Chishti <salmanmkc@GitHub.com>
Co-authored-by: eric sciple <ericsciple@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Yashwanth Anantharaju <yaananth@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ericsciple ericsciple ericsciple approved these changes

@salmanmkc salmanmkc salmanmkc approved these changes

@TingluoHuang TingluoHuang Awaiting requested review from TingluoHuang

+1 more reviewer

@roquesergio661-creator roquesergio661-creator roquesergio661-creator approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@TingluoHuang TingluoHuang

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@TingluoHuang @ericsciple @salmanmkc @roquesergio661-creator