ci: bump docker/login-action from 0267638d8ae53966df71bb06d552129dd542dfa7 to 946f94de75ea52995b6aa1e54fd3e0aeed6cc573 in the github-actions group across 1 directory#759
Conversation
dependabot
Bot
added
dependencies
|
@dependabot rebase |
Bumps the github-actions group with 1 update in the / directory: [docker/login-action](https://github.com/docker/login-action). Updates `docker/login-action` from 0267638d8ae53966df71bb06d552129dd542dfa7 to 946f94de75ea52995b6aa1e54fd3e0aeed6cc573 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@0267638...946f94d) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 946f94de75ea52995b6aa1e54fd3e0aeed6cc573 dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/github_actions/github-actions-d71606d8a9
branch
from
44a6d66 to
8c2d827
Compare
PierreLeGuen
left a comment
PierreLeGuen
left a comment
There was a problem hiding this comment.
Routine Dependabot bump of the docker/login-action commit pin from 0267638d to 946f94de across four workflows (build.yml, promote.yml, retag.yml, rollback.yml). The change is safe to merge:
- The new SHA exists upstream in
docker/login-actionand matches the verified tip of upstreammaster, merged by the maintainer on 2026-06-09 (not a fork commit). - The delta from the old pin (5 commits) touches only docker/login-action's own internal CI workflow — no changes to
action.ymlor the compileddist/runtime, so this is functionally a no-op for consumers. - All four references were updated consistently; no stale references to the old SHA remain in
.github/, and all four files parse as valid YAML.
One non-blocking observation: neither the old nor the new pin corresponds to a release tag — this repo is pinning floating master commits (.github/workflows/build.yml:34, promote.yml:49, retag.yml:77, rollback.yml:61), so each Dependabot bump ingests unreleased code from the upstream default branch. That practice predates this PR, but consider re-pinning to the latest release SHA (v4.2.0, 650006c6eb7dba73a995cc03b0b2d7f5ca915bee) with a # v4.2.0 comment so Dependabot tracks releases instead of branch tips.
Checks run locally: inspected the full PR diff (4 files, 4 insertions/4 deletions, pin bump only); verified both SHAs resolve upstream via the GitHub API and compared old→new and master→new; grepped .github/ for stale old-SHA references (none); YAML-parsed all four modified workflows (valid); git diff --check clean. actionlint was skipped (not installed); cargo build/test skipped since no Rust code changed. PR CI showed Lint passing with Test Suite and security_audit still pending at review time — none of those jobs exercise the changed workflows.
lloydmak99
left a comment
lloydmak99
left a comment
There was a problem hiding this comment.
Approve. Mechanical SHA bump for docker/login-action across 4 CI workflows — no logic changes.
Evrard-Nil
temporarily deployed
to
Cloud API test env
GitHub Actions
Inactive
dependabot
Bot
deleted the
dependabot/github_actions/github-actions-d71606d8a9
branch
3 participants
Bumps the github-actions group with 1 update in the / directory: docker/login-action.
Updates
docker/login-actionfrom 0267638d8ae53966df71bb06d552129dd542dfa7 to 946f94de75ea52995b6aa1e54fd3e0aeed6cc573Commits
946f94dMerge pull request #1007 from crazy-max/ci-creds-updatef50e5f8ci: update registry to auth to garc5e5fd0ci: update registry to auth to acr60e5331ci: update registry to auth to ecr6a848e5ci: update secrets to auth to docker hub