Skip to content

chore(ci): bump GitHub Actions versions and clarify release versioning#16

Open
ig596 wants to merge 2 commits into
mainfrom
optimize-codebase
Open

chore(ci): bump GitHub Actions versions and clarify release versioning#16
ig596 wants to merge 2 commits into
mainfrom
optimize-codebase

Conversation

@ig596
Copy link
Copy Markdown
Owner

@ig596 ig596 commented Apr 25, 2026

Motivation

  • Keep CI and release workflows aligned with current upstream action releases and address the request to bump action versions across workflows.
  • Make it explicit in the docs that project version bumps are produced by the release workflow (python-semantic-release) so contributors do not manually edit pyproject.toml for routine PRs.

Description

  • Updated workflow files (.github/workflows/ci.yaml, .github/workflows/release.yaml, .github/workflows/run-reputation-check.yaml) to use newer actions including actions/checkout@v6, actions/setup-python@v6, docker/setup-buildx-action@v4, docker/build-push-action@v7, docker/metadata-action@v6, python-semantic-release/*@v10.5.3, anchore/sbom-action@v0.24.0, and softprops/action-gh-release@v3.
  • Aligned the README example to use actions/checkout@v6 and added a small "Versioning & Releases" section that documents automatic version bumps via python-semantic-release.
  • Committed changes using a conventional-style message: chore(ci): bump GitHub action versions and clarify release versioning.

Testing

  • Ran ruff check . and the linter checks passed.
  • Ran poetry install --with dev to install dependencies and the install completed successfully.
  • Ran poetry run pytest -q and the full test suite passed (all tests succeeded).

Codex Task

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 25, 2026

⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}) and force push them to this branch (git push --force-with-lease).

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

  1. Generate a GPG key
  2. Add the GPG key to your GitHub account
  3. Configure git to use your GPG key for commit signing
Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

  1. Generate an SSH key and add it to ssh-agent
  2. Add the SSH key to your GitHub account
  3. Configure git to use your SSH key for commit signing
Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.

Learn how to use 1Password to sign your commits.

Watch the demo

@ig596 ig596 force-pushed the optimize-codebase branch from 50e6447 to 2a023bc Compare April 25, 2026 01:13
@ig596 ig596 marked this pull request as ready for review April 25, 2026 01:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ig596