ci: update GitHub Actions to latest versions

.github/workflows/build-container.yml

@@ -38,7 +38,7 @@ jobs:
       digest: ${{ steps.build.outputs.digest }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -51,18 +51,18 @@ jobs:
           echo "repo=${REPO_NAME}" >> "$GITHUB_OUTPUT"
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push Docker image
         id: build
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ${{ inputs.context }}
           file: ${{ inputs.file }}
@@ -82,7 +82,7 @@ jobs:
       digest: ${{ steps.build.outputs.digest }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
@@ -95,18 +95,18 @@ jobs:
           echo "repo=${REPO_NAME}" >> "$GITHUB_OUTPUT"
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push Docker image
         id: build
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ${{ inputs.context }}
           file: ${{ inputs.file }}
@@ -125,15 +125,15 @@ jobs:
     needs: [build-amd64, build-arm64]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/build-depends.yml

@@ -37,7 +37,7 @@ jobs:
       dep-opts: ${{ steps.setup.outputs.DEP_OPTS }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           sparse-checkout: |
@@ -69,15 +69,15 @@ jobs:
 
       - name: Check for cached depends
         id: cache-check
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: depends/built/${{ steps.setup.outputs.HOST }}
           key: ${{ steps.setup.outputs.cache-key }}
           lookup-only: true
 
       - name: Cache SDKs
         id: cache-sdk-check
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         if: inputs.build-target == 'mac'
         with:
           path: depends/SDKs
@@ -98,19 +98,19 @@ jobs:
       options: --user root
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Restore depends sources
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: depends/sources
           key: depends-sources-${{ hashFiles('depends/packages/*') }}
           restore-keys: depends-sources-
 
       - name: Restore SDKs cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         if: inputs.build-target == 'mac'
         with:
           path: depends/SDKs
@@ -119,7 +119,7 @@ jobs:
           fail-on-cache-miss: true
 
       - name: Restore cached depends
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: depends/built/${{ needs.check-cache.outputs.host }}
           key: ${{ needs.check-cache.outputs.cache-key }}
@@ -132,7 +132,7 @@ jobs:
           env ${{ needs.check-cache.outputs.dep-opts }} make -j$(nproc) -C depends
 
       - name: Save depends cache
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@v5
         with:
           path: depends/built/${{ needs.check-cache.outputs.host }}
           key: ${{ needs.check-cache.outputs.cache-key }}

.github/workflows/build-src.yml

@@ -44,7 +44,7 @@ jobs:
       options: --user root
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 50
@@ -61,7 +61,7 @@ jobs:
         shell: bash
 
       - name: Restore SDKs cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         if: inputs.build-target == 'mac'
         with:
           path: |
@@ -70,7 +70,7 @@ jobs:
           fail-on-cache-miss: true
 
       - name: Restore depends cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: depends/built/${{ inputs.depends-host }}
           key: ${{ inputs.depends-key }}
@@ -84,7 +84,7 @@ jobs:
         shell: bash
 
       - name: Restore ccache cache
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: |
             /cache/ccache
@@ -111,15 +111,15 @@ jobs:
         if: |
           github.event_name == 'push' &&
           github.ref_name == github.event.repository.default_branch
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@v5
         with:
           path: |
             /cache/ccache
           key: ccache-${{ hashFiles('contrib/containers/ci/ci.Dockerfile', 'depends/packages/*') }}-${{ inputs.build-target }}-${{ github.sha }}
 
       - name: Restore ctcache cache
         if: inputs.build-target == 'linux64_multiprocess'
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           path: |
             /cache/ctcache
@@ -141,7 +141,7 @@ jobs:
           inputs.build-target == 'linux64_multiprocess' &&
           github.event_name == 'push' &&
           github.ref_name == github.event.repository.default_branch
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@v5
         with:
           path: |
             /cache/ctcache
@@ -165,7 +165,7 @@ jobs:
           echo "key=${BUNDLE_KEY}" >> "${GITHUB_OUTPUT}"
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ steps.bundle.outputs.key }}
           path: |

.github/workflows/build.yml

@@ -45,7 +45,7 @@ jobs:
 
       - name: Checkout code
         if: ${{ steps.skip-check.outputs.skip == 'false' }}
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Select runners
         id: select-runner

.github/workflows/cache-depends-sources.yml

@@ -20,13 +20,13 @@ jobs:
     runs-on: ${{ inputs.runs-on || 'ubuntu-24.04-arm' }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Check for cached sources
         id: cache-check
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: depends/sources
           key: depends-sources-${{ hashFiles('depends/packages/*') }}

.github/workflows/clang-diff-format.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
       - name: Fetch git
         run: git fetch --no-tags -fu origin develop:develop
       - name: Run Clang-Format-Diff.py

.github/workflows/guix-build.yml

@@ -25,14 +25,14 @@ jobs:
       repo-name: ${{ steps.prepare.outputs.repo-name }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           path: dash
           fetch-depth: 0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Commit variables
         id: prepare
@@ -46,14 +46,14 @@ jobs:
           echo "repo-name=${REPO_NAME}" >> $GITHUB_OUTPUT
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: ${{ github.workspace }}/dash
           build-args: |
@@ -84,14 +84,14 @@ jobs:
           sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           path: dash
           fetch-depth: 0
 
       - name: Cache depends sources
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: dash/depends/sources
           key: depends-sources-${{ hashFiles('dash/depends/packages/*') }}
@@ -100,7 +100,7 @@ jobs:
 
       - name: Cache Guix and depends
         id: guix-cache-restore
-        uses: actions/cache@v3
+        uses: actions/cache@v5
         with:
           path: |
             ${{ github.workspace }}/.cache
@@ -140,13 +140,13 @@ jobs:
           HOSTS=${{ matrix.build_target }} ./dash/contrib/containers/guix/scripts/guix-check ${{ github.workspace }}/dash
 
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: guix-artifacts-${{ matrix.build_target }}
           path: |
             ${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/
 
       - name: Attest build provenance
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest@v4
         with:
           subject-path: ${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/*

.github/workflows/lint.yml

@@ -21,7 +21,7 @@ jobs:
       options: --user root
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 50

.github/workflows/merge-check.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
@@ -49,7 +49,7 @@ jobs:
             needs rebase
 
       - name: comment
-        uses: mshick/add-pr-comment@v2
+        uses: mshick/add-pr-comment@v3
         if: failure()
         with:
           message: |

.github/workflows/predict-conflicts.yml

@@ -28,7 +28,7 @@ jobs:
         with:
           ghToken: "${{ secrets.GITHUB_TOKEN }}"
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: validate potential conflicts
         id: validate_conflicts
         run: pip3 install hjson && .github/workflows/handle_potential_conflicts.py "$conflicts"