build(deps): bump actions/cache from 5 to 6#1289
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: dependabot[bot] The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
🔗 Linked repositories identifiedCodeRabbit considers these linked repositories for cross-repo context during reviews:
🚧 Files skipped from review as they are similar to previous changes (1)
📜 Recent review details⏰ Context from checks skipped due to timeout. (1)
🧰 Additional context used🔀 Multi-repo contextLinked repositories findingscodeready-toolchain/host-operator (inspected
|
| Layer / File(s) | Summary |
|---|---|
Cache action upgrade .github/workflows/publish-components-for-e2e-tests.yml |
The dependency caching step uses actions/cache@v6 instead of actions/cache@v5. |
Estimated code review effort: 1 (Trivial) | ~2 minutes
Suggested reviewers: rsoaresd, xcoulon, MatousJobanek
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly matches the only substantive change: bumping actions/cache from v5 to v6. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
✨ Finishing Touches
🧪 Generate unit tests (beta)
- Create PR with unit tests
- Commit unit tests in branch
dependabot/github_actions/actions/cache-6
Comment @coderabbitai help to get the list of available commands.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/publish-components-for-e2e-tests.yml:
- Line 61: The workflow step using actions/cache is still referenced by a
mutable version tag, so update the cache action reference in the
publish-components-for-e2e-tests workflow to an immutable commit SHA instead of
`@v6`. Keep the same actions/cache step, but replace the version pin with the
vetted SHA for the v6 release to satisfy the unpinned-action policy.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Enterprise
Run ID: 8f23d880-f815-4d6b-8824-8f6934d87658
📒 Files selected for processing (1)
.github/workflows/publish-components-for-e2e-tests.yml
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
codeready-toolchain/api(manual)codeready-toolchain/toolchain-common(manual)codeready-toolchain/host-operator(manual)codeready-toolchain/toolchain-e2e(manual)
📜 Review details
⏰ Context from checks skipped due to timeout. (2)
- GitHub Check: govulncheck
- GitHub Check: Build & push operator bundles & dashboard image for e2e tests
🧰 Additional context used
🪛 zizmor (1.26.1)
.github/workflows/publish-components-for-e2e-tests.yml
[error] 61-61: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
|
|
||
| - name: Cache dependencies | ||
| uses: actions/cache@v5 | ||
| uses: actions/cache@v6 |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟠 Major | ⚡ Quick win
Pin actions/cache to a commit SHA, not just @v6.
Line 61 uses a mutable tag, which violates the unpinned-action policy and weakens supply-chain guarantees. Pin to an immutable SHA for v6 instead.
Suggested change
- uses: actions/cache@v6
+ uses: actions/cache@<v6-commit-sha>🧰 Tools
🪛 zizmor (1.26.1)
[error] 61-61: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/publish-components-for-e2e-tests.yml at line 61, The
workflow step using actions/cache is still referenced by a mutable version tag,
so update the cache action reference in the publish-components-for-e2e-tests
workflow to an immutable commit SHA instead of `@v6`. Keep the same actions/cache
step, but replace the version pin with the vetted SHA for the v6 release to
satisfy the unpinned-action policy.
Source: Linters/SAST tools
Bumps [actions/cache](https://github.com/actions/cache) from 5 to 6. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v5...v6) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
de84f17 to
1e649b4
Compare
|
|
@dependabot[bot]: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |



Bumps actions/cache from 5 to 6.
Release notes
Sourced from actions/cache's releases.
... (truncated)
Changelog
Sourced from actions/cache's changelog.
... (truncated)
Commits
55cc834Merge pull request #1768 from jasongin/readonly-cached8cd72fBump@actions/cacheto v6.1.0 - handle cache write error due to RO token2c8a9bdMerge pull request #1760 from actions/samirat/esm_migration_and_package_updatee9b91fdPrettier fixese4884b8Rebuild dist10baf01Fixed licensese39b386Fix test mock return orderb692820PR feedback6074912Rebuild dist bundles as ESM to match type:module5a912e8Fix lint and jest issuesSummary by CodeRabbit