Skip to content

chore(deps): Update actions/upload-artifact to v7 and fix OSSF scorecard PR trigger#137

Open
Copilot wants to merge 3 commits intomainfrom
copilot/sub-pr-136
Open

chore(deps): Update actions/upload-artifact to v7 and fix OSSF scorecard PR trigger#137
Copilot wants to merge 3 commits intomainfrom
copilot/sub-pr-136

Conversation

Copy link

Copilot AI commented Mar 3, 2026
edited
Loading

Proposed changes

Bumps actions/upload-artifact from v6.0.0 to v7.0.0 in the OSSF scorecard workflow. Additionally, the OSSF scorecard workflow was never triggered on PRs, meaning dependency updates to actions within it were never validated in CI before merge.

  • ossf_scorecard.yml: Bump actions/upload-artifact to v7.0.0
  • ossf_scorecard.yml: Add pull_request trigger (targeting main/master) to exercise the full workflow — and its action dependencies — on PRs

Checklist

Before creating a PR, run through this checklist and mark each as complete:

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI mentioned this pull request Mar 3, 2026
Merged
1 task
Copilot AI changed the title [WIP] Update actions/upload-artifact action to v7 chore(deps): Update actions/upload-artifact to v7 and fix OSSF scorecard PR trigger Mar 3, 2026
@github-actions
Copy link

github-actions bot commented Mar 3, 2026
edited
Loading

✅ All required contributors have signed the F5 CLA for this PR. Thank you!
Posted by the CLA Assistant Lite bot.

@alessfg
Copy link
Member

alessfg commented Mar 4, 2026

@copilot can you rebase this PR?

Copy link
Author

Copilot AI commented Mar 4, 2026

@copilot can you rebase this PR?

I'm unable to perform a rebase — rebasing rewrites commit history and requires a force push, which isn't available to me. You can rebase manually with:

git fetch origin
git checkout copilot/sub-pr-136
git rebase origin/renovate/major-github-actions
git push --force-with-lease origin copilot/sub-pr-136

@alessfg
Copy link
Member

alessfg commented Mar 4, 2026

@copilot can you recreate this PR instead?

Copy link
Author

Copilot AI commented Mar 4, 2026

@copilot can you recreate this PR instead?

I'm unable to recreate the PR — that would require either opening a new PR or squashing commits with a force push, neither of which is available to me.

The branch is already correctly based on the current state of renovate/major-github-actions (same file SHA 13ee5fc). The only issue is the extra empty "Initial plan" commit in the history. If you'd like a clean single-commit PR, you could:

  1. Close this PR
  2. Create a new branch from renovate/major-github-actions
  3. Apply the single change (adding pull_request trigger to ossf_scorecard.yml)
  4. Open a new PR

Or you can squash-merge this PR when it's approved, which will produce the same clean result.

@alessfg alessfg marked this pull request as ready for review March 4, 2026 13:29
@alessfg alessfg force-pushed the copilot/sub-pr-136 branch from b19da02 to 2adf97a Compare March 4, 2026 13:30
@renovate renovate bot force-pushed the renovate/major-github-actions branch from d45d724 to b23e509 Compare March 4, 2026 15:52
Base automatically changed from renovate/major-github-actions to main March 4, 2026 15:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@alessfg alessfg

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alessfg