You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is an automated Renovate bot PR that bumps actions/checkout from v4 to v6 (a major version jump spanning two major releases) across both CI workflow files (build.yml and deploy-apk.yml). The change is minimal and mechanically correct — two one-line substitutions. The PR has already been merged.
Blocking Issues
None. The change is straightforward and low-risk for a GitHub Actions version bump.
Non-blocking Suggestions
Major version jump (v4 → v6) — verify compatibility: This skips an entire major version (v5). While Renovate correctly targets the latest, the PR body contains empty release notes (just comparison links with no content). It would be prudent to verify the actions/checkout v5 and v6 changelogs for any breaking changes, particularly around:
Node.js runtime version requirements (Actions runner compatibility)
Changes to default behavior (e.g., fetch-depth, persist-credentials, submodule handling)
Any new required inputs or changed defaults
Consider SHA pinning for supply-chain security: Both workflow files use tag-based references (@v6) rather than pinned commit SHAs. While this matches the existing project convention, pinning to a full SHA (e.g., actions/checkout@<sha> # v6) is a security best practice that protects against tag hijacking. This is not a regression introduced by this PR, but worth considering as a future improvement — tools like StepSecurity or Renovate's pinDigests option can automate this.
Other actions may also need updates: I notice actions/setup-java@v5 and gradle/wrapper-validation-action@v3.5.0 are used in the same workflows. Keeping these in sync with their latest versions (as Renovate likely handles separately) is good hygiene.
Questions / Clarifications
None — the intent is clear and the change is correct.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v4→v6Release Notes
actions/checkout (actions/checkout)
v6Compare Source
v5Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.