Skip to content

chore: update workflows #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sdh100shaun wants to merge 4 commits into
base: main
Choose a base branch
from
Open

chore: update workflows #89

sdh100shaun wants to merge 4 commits into from

Conversation

@sdh100shaun
Copy link
Contributor

@sdh100shaun sdh100shaun commented Nov 23, 2025
edited
Loading

WARNING~ PR DESCRIOTION WRITTEN BY COPILOT

Description

This pull request updates various GitHub Actions workflow templates and security workflows to use newer, stable, and more specific action versions. The main changes focus on improving reliability and security by referencing fixed action versions instead of floating or outdated ones, and by upgrading reusable workflow versions across multiple templates.

Workflow action version upgrades:

  • Updated all uses of actions/checkout and actions/setup-node to explicit version v6.0.0 instead of v4 in workflow-templates/check-pr-title.yaml, workflow-templates/ci.yaml, and workflow-templates/snyk-monitor.yaml. [1] [2] [3]
  • Changed Snyk actions from @master to the stable @v1.0.0 release in Node.js and PHP security workflows (.github/workflows/nodejs-security.yaml, .github/workflows/php-security.yml, .github/workflows/php-library-security.yml, and workflow-templates/snyk-monitor.yaml). [1] [2] [3] [4]

Reusable workflow version upgrades:

  • Updated all reusable workflow references (such as nodejs-lint.yaml, nodejs-test.yaml, nodejs-build.yaml, upload-to-s3.yaml, update-lambda-function.yaml, nodejs-publish.yaml, php-library-security.yml, php-library-static.yml, php-library-tests.yml, php-security.yml, php-static.yml, php-tests.yml, terraform-static-full.yaml, and terraform-static.yaml) to use the latest v5.10.0 version (or equivalent) instead of older versions like v4.1.1 or v5.0.6. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]

Security and code scanning improvements:

  • Upgraded octokit/graphql-action from v2.x to v3.0.0 and github/codeql-action/upload-sarif from v2 to v3 in PHP security workflows for improved compatibility and features. [1] [2] [3] [4]

These updates help ensure that workflows are more secure, predictable, and benefit from the latest features and fixes.

Related issue: n/a

Before submitting (or marking as "ready for review")

  • Does the pull request title follow the conventional commit specification?
  • Have you performed a self-review of the code
  • Have you have added tests that prove the fix or feature is effective and working
  • Did you make sure to update any documentation relating to this change?

@sdh100shaun sdh100shaun changed the title Chore: update workflows chore: update workflows Nov 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jerotire jerotire jerotire approved these changes

@fibble fibble Awaiting requested review from fibble

@dhcrees dhcrees Awaiting requested review from dhcrees

@hobbyhacker0 hobbyhacker0 Awaiting requested review from hobbyhacker0

@ilindsay ilindsay Awaiting requested review from ilindsay

@Cullima Cullima Awaiting requested review from Cullima

@matthew2564 matthew2564 Awaiting requested review from matthew2564

@gabrielg2020 gabrielg2020 Awaiting requested review from gabrielg2020

@BrandonT95 BrandonT95 Awaiting requested review from BrandonT95

@NathanielRichards1 NathanielRichards1 Awaiting requested review from NathanielRichards1

@AnnaDodson AnnaDodson Awaiting requested review from AnnaDodson

@aaronddvsa aaronddvsa Awaiting requested review from aaronddvsa

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sdh100shaun @jerotire