Skip to content

chore: Cherry-picked changes from upstream #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
github-actions wants to merge 15 commits into
base: main
Choose a base branch
from
Open

chore: Cherry-picked changes from upstream #25

github-actions wants to merge 15 commits into from

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Jan 7, 2026

Cherry-picked changes from upstream.

@github-actions
Add action typings with validation (#721)
3e4a38e 
I'd like to add machine-readable type hints for this action. They also
serve as a formal documentation on the types of action's inputs and
outputs, which is a standardized way of documenting these also for human
users. See https://github.com/typesafegithub/github-actions-typing for
details. Dozens of actions already provide typings this way.

In particular, this change will let the users of
https://github.com/typesafegithub/github-workflows-kt use this action in
a convenient, type-safe way from their Kotlin workflows. From the
binding service's metrics I see that this action is among the most
popular ones that doesn't have typings configured, so on behalf of the
users of this tool, I'm asking you to consider adding the typings.
@github-actions
Copy link
Contributor Author

github-actions bot commented Jan 7, 2026

🚀 PR Updated!

The PR has been updated with the latest cherry-picked commits.

@step-security/maintained-actions-dev Please review and approve the changes.

📦 Target Release Version: v7.2.0
📋 Previous Release Version: v7.1.6

❗ Missing Files:

  • AGENTS.md

🛑 Workflow Files (Cannot be auto-applied by GitHub Actions):

  • .github/workflows/test.yml from commit 45cfcb3be5323e8be48c8a1849f80be7e5152a90
  • .github/workflows/codeql-analysis.yml from commit f4ed82a8ce6248172e7bb82bff9d40c7b9f4a02f
  • .github/workflows/update-known-versions.yml from commit 1d22fafd8beb445256265674ac2958f9bff99ef2
  • .github/workflows/test.yml from commit 61cb8a9741eeb8a550a1b8544337180c0fc8476b

❌ Conflicting Files:

  • src/utils/inputs.ts from commit 9c8d030b7f1a3d0171f574badea77d331a72a2ce
  • src/download/checksum/known-checksums.ts from commit ce0a8994de8434fcf2a6517441306c6cd1c0ecf5
  • version-manifest.json from commit ce0a8994de8434fcf2a6517441306c6cd1c0ecf5
  • src/download/checksum/known-checksums.ts from commit 2630c86ac3d3892ec220898a1b2cd3c39c219041
  • version-manifest.json from commit 2630c86ac3d3892ec220898a1b2cd3c39c219041
  • version-manifest.json from commit 702b425af1c366e68b4a9449a8de6dd98b63e979
  • version-manifest.json from commit e0409b43c0fb363b3b04c3065e6d48ca043509ab
  • src/save-cache.ts from commit 61cb8a9741eeb8a550a1b8544337180c0fc8476b

@github-actions
Copy link
Contributor Author

github-actions bot commented Jan 7, 2026

🔍 Cherry-Pick Verification Report

📦 Upstream Changes: v7.1.6...v7.2.0

📋 File-by-File Analysis:

.github/workflows/codeql-analysis.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 3 additions, 3 deletions)

.github/workflows/test.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+20 -1)

.github/workflows/update-known-versions.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

AGENTS.md

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 0 deletions)

README.md

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+2 -0)

__tests__/fixtures/old-python-constraint-project/pyproject.toml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+2 -2)

__tests__/fixtures/old-python-constraint-project/uv.lock

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+30 -28)

action-types.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+75 -0)

action.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+4 -0)

src/cache/restore-cache.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+45 -54)

src/download/checksum/known-checksums.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ❌ No
  • Status: 🟡 Partial - ❌ Cherry-pick incomplete (+144 -0) | Missing 72 additions

src/save-cache.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+63 -38)

src/setup-uv.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+35 -1)

src/utils/inputs.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

📊 Summary:

  • Total files changed upstream: 14
  • Files present in PR: 8/14
  • Files with matching changes: 7/14

Overall Status: 🔴 INCOMPLETE - Missing files or changes

github-actions bot added 12 commits January 13, 2026 09:13
@github-actions @Raj-StepSecurity
chore: update known checksums for 0.9.21 (#726)
0ce172c 
chore: update known checksums for 0.9.21
@github-actions @Raj-StepSecurity
chore: update known checksums for 0.9.22 (#727)
99f09e6 
chore: update known checksums for 0.9.22
@github-actions @Raj-StepSecurity
fix: use uv_build backend for old-python-constraint-project (#729)
04b5417 
The test-no-python-version test was failing because hatchling's
dependency on pathspec was incompatible with Python 3.9,
causing a TypeError during the build process.

Fixed by switching from hatchling to uv_build backend
(0.9.22-0.10.0 range) which is fully compatible with
Python 3.9. The uv.lock file is updated to reflect the
new build backend and latest compatible versions of dependencies.
@github-actions @Raj-StepSecurity
fix: use uv_build backend for old-python-constraint-project (#729)
7cc6e39 
The test-no-python-version test was failing because hatchling's
dependency on pathspec was incompatible with Python 3.9,
causing a TypeError during the build process.

Fixed by switching from hatchling to uv_build backend
(0.9.22-0.10.0 range) which is fully compatible with
Python 3.9. The uv.lock file is updated to reflect the
new build backend and latest compatible versions of dependencies.
@github-actions @Raj-StepSecurity
add outputs python-version and python-cache-hit (#728)
9c5021d 
This commit splits up the "normal" cache containing the dependencies and
the "python" cache containing the python binaries. This will lead to a
one-time invalidation of caches.

Closes: #713
@github-actions @Raj-StepSecurity
add outputs python-version and python-cache-hit (#728)
a649e5e 
This commit splits up the "normal" cache containing the dependencies and
the "python" cache containing the python binaries. This will lead to a
one-time invalidation of caches.

Closes: #713
@github-actions @Raj-StepSecurity
add outputs python-version and python-cache-hit (#728)
d15b5d4 
This commit splits up the "normal" cache containing the dependencies and
the "python" cache containing the python binaries. This will lead to a
one-time invalidation of caches.

Closes: #713
@github-actions @Raj-StepSecurity
add outputs python-version and python-cache-hit (#728)
77b29cd 
This commit splits up the "normal" cache containing the dependencies and
the "python" cache containing the python binaries. This will lead to a
one-time invalidation of caches.

Closes: #713
@github-actions @Raj-StepSecurity
add outputs python-version and python-cache-hit (#728)
92af2c5 
This commit splits up the "normal" cache containing the dependencies and
the "python" cache containing the python binaries. This will lead to a
one-time invalidation of caches.

Closes: #713
@github-actions @Raj-StepSecurity
fix: apply code build script
85a24bf
@github-actions @Raj-StepSecurity
fix: apply code build script
18bba5b
@github-actions @Raj-StepSecurity
fix: apply code build script
bc89521
@github-actions
Copy link
Contributor Author

github-actions bot commented Jan 13, 2026

🔍 Cherry-Pick Verification Report

📦 Upstream Changes: v7.1.6...v7.2.0

📋 File-by-File Analysis:

.github/workflows/codeql-analysis.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 3 additions, 3 deletions)

.github/workflows/test.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+20 -1)

.github/workflows/update-known-versions.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

AGENTS.md

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 0 deletions)

README.md

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+2 -0)

__tests__/fixtures/old-python-constraint-project/pyproject.toml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+2 -2)

__tests__/fixtures/old-python-constraint-project/uv.lock

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+30 -28)

action-types.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+75 -0)

action.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+4 -0)

src/cache/restore-cache.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+45 -54)

src/download/checksum/known-checksums.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ❌ No
  • Status: 🟡 Partial - ❌ Cherry-pick incomplete (+144 -0) | Missing 72 additions

src/save-cache.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+63 -38)

src/setup-uv.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+35 -1)

src/utils/inputs.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

📊 Summary:

  • Total files changed upstream: 14
  • Files present in PR: 8/14
  • Files with matching changes: 7/14

Overall Status: 🔴 INCOMPLETE - Missing files or changes

@github-actions
Copy link
Contributor Author

github-actions bot commented Jan 13, 2026

🔍 Cherry-Pick Verification Report

📦 Upstream Changes: v7.1.6...v7.2.0

📋 File-by-File Analysis:

.github/workflows/codeql-analysis.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 3 additions, 3 deletions)

.github/workflows/test.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ❌ No
  • Status: 🟡 Partial - ❌ Cherry-pick incomplete (+20 -1) | Missing 11 additions

.github/workflows/update-known-versions.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

AGENTS.md

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 0 deletions)

README.md

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+2 -0)

__tests__/fixtures/old-python-constraint-project/pyproject.toml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+2 -2)

__tests__/fixtures/old-python-constraint-project/uv.lock

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+30 -28)

action-types.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+75 -0)

action.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+4 -0)

src/cache/restore-cache.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+45 -54)

src/download/checksum/known-checksums.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ❌ No
  • Status: 🟡 Partial - ❌ Cherry-pick incomplete (+144 -0) | Missing 72 additions

src/save-cache.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All upstream changes applied (+63 -38) with 1 additional changes

src/setup-uv.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+35 -1)

src/utils/inputs.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

📊 Summary:

  • Total files changed upstream: 14
  • Files present in PR: 10/14
  • Files with matching changes: 8/14

Overall Status: 🔴 INCOMPLETE - Missing files or changes

@github-actions
Copy link
Contributor Author

github-actions bot commented Jan 13, 2026

🔍 Cherry-Pick Verification Report

📦 Upstream Changes: v7.1.6...v7.2.0

📋 File-by-File Analysis:

.github/workflows/codeql-analysis.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 3 additions, 3 deletions)

.github/workflows/test.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ❌ No
  • Status: 🟡 Partial - ❌ Cherry-pick incomplete (+20 -1) | Missing 11 additions

.github/workflows/update-known-versions.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 1 deletions)

AGENTS.md

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - File missing in PR (upstream has 1 additions, 0 deletions)

README.md

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+2 -0)

__tests__/fixtures/old-python-constraint-project/pyproject.toml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+2 -2)

__tests__/fixtures/old-python-constraint-project/uv.lock

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+30 -28)

action-types.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+75 -0)

action.yml

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+4 -0)

src/cache/restore-cache.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+45 -54)

src/download/checksum/known-checksums.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ❌ No
  • Status: 🟡 Partial - ❌ Cherry-pick incomplete (+144 -0) | Missing 72 additions

src/save-cache.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All upstream changes applied (+63 -38) with 1 additional changes

src/setup-uv.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ✅ Yes
  • Changes match: ✅ Yes
  • Status: 🟢 Perfect - ✅ All changes applied correctly (+35 -1)

src/utils/inputs.ts

  • Upstream has changes: ✅ Yes
  • File exists in PR: ❌ No
  • Status: 🔴 Missing - ❌ No PR patch available (+1 -1)

📊 Summary:

  • Total files changed upstream: 14
  • Files present in PR: 10/14
  • Files with matching changes: 8/14

Overall Status: 🔴 INCOMPLETE - Missing files or changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

review-required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Raj-StepSecurity