chore(deps): update actions/checkout action to v5

2025-08-12 20:35:57 +00:00
20 changed files with 64 additions and 67 deletions
--- a/.gitea/workflows/build-push-docker.yml
+++ b/.gitea/workflows/build-push-docker.yml
@@ -43,7 +43,7 @@ jobs:
          REPO: ${{ gitea.repository }}

      - name: Check out repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
          ref: ${{ inputs.release }}
--- a/.gitea/workflows/changelog.yaml
+++ b/.gitea/workflows/changelog.yaml
@@ -19,7 +19,7 @@ jobs:
      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

--- a/.gitea/workflows/ci-docker.yml
+++ b/.gitea/workflows/ci-docker.yml
@@ -12,11 +12,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

-      - uses: hadolint/hadolint-action@v3.3.0
+      - uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
@@ -24,7 +24,7 @@ jobs:
          no-fail: true

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/ci-python-poetry-with-docker.yml
+++ b/.gitea/workflows/ci-python-poetry-with-docker.yml
@@ -20,11 +20,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

-      - uses: hadolint/hadolint-action@v3.3.0
+      - uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
@@ -32,7 +32,7 @@ jobs:
          no-fail: true

      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ inputs.python-version }}"

@@ -44,7 +44,7 @@ jobs:
          poetry config virtualenvs.create true --local
          poetry config virtualenvs.in-project true --local

-      - uses: actions/cache@v5
+      - uses: actions/cache@v4
        name: Define cache for dependencies
        with:
          path: ./.venv
@@ -66,7 +66,7 @@ jobs:
          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/ci-python-poetry.yml
+++ b/.gitea/workflows/ci-python-poetry.yml
@@ -20,12 +20,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ inputs.python-version }}"

@@ -37,7 +37,7 @@ jobs:
          poetry config virtualenvs.create true --local
          poetry config virtualenvs.in-project true --local

-      - uses: actions/cache@v5
+      - uses: actions/cache@v4
        name: Define cache for dependencies
        with:
          path: ./.venv
@@ -57,7 +57,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/ci-python-uv-with-docker.yml
+++ b/.gitea/workflows/ci-python-uv-with-docker.yml
@@ -19,12 +19,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

      - name: Run Hadolint
-        uses: hadolint/hadolint-action@v3.3.0
+        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
@@ -32,12 +32,12 @@ jobs:
          no-fail: true

      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ vars.PYTHON_VERSION }}"

      - name: uv cache
-        uses: actions/cache@v5
+        uses: actions/cache@v4
        with:
          path: /tmp/.uv-cache
          key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
@@ -63,7 +63,7 @@ jobs:
        run: uv cache prune --ci

      - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitea/workflows/ci-python-with-docker.yml
+++ b/.gitea/workflows/ci-python-with-docker.yml
@@ -17,11 +17,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

-      - uses: hadolint/hadolint-action@v3.3.0
+      - uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
@@ -29,14 +29,14 @@ jobs:
          no-fail: true

      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ inputs.python-version }}"

      - name: Update Pip
        run: pip install -U pip

-      - uses: actions/cache@v5
+      - uses: actions/cache@v4
        name: Define cache for dependencies
        with:
          path: .
@@ -58,7 +58,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/ci-python.yml
+++ b/.gitea/workflows/ci-python.yml
@@ -17,19 +17,19 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ inputs.python-version }}"

      - name: Update Pip
        run: pip install -U pip

-      - uses: actions/cache@v5
+      - uses: actions/cache@v4
        name: Define cache for dependencies
        with:
          path: .
@@ -51,7 +51,7 @@ jobs:
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml

      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

--- a/.gitea/workflows/create-release.yml
+++ b/.gitea/workflows/create-release.yml
@@ -19,7 +19,7 @@ jobs:
      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

@@ -72,7 +72,7 @@ jobs:
    needs: get_next_release
    steps:
      - name: Check out repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

--- a/.gitea/workflows/docker-compose-deploy.yml
+++ b/.gitea/workflows/docker-compose-deploy.yml
@@ -24,7 +24,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:      
      - name: "[ON RUNNER] Notify Build Start"
-        uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.3
        env:
          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
@@ -35,7 +35,7 @@ jobs:
          url_title: 'View Logs'

      - name: "[ON RUNNER] Checkout the repo"
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
      
      - name: "[ON RUNNER] Set project variables"
        run: |
@@ -54,7 +54,7 @@ jobs:
          ALLSECRETS: ${{ toJSON(secrets) }}
      
      - name: "[ON HOST] Make directory if not exists"
-        uses: appleboy/ssh-action@v1.2.4
+        uses: appleboy/ssh-action@v1.2.2
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
@@ -74,7 +74,7 @@ jobs:
          target: "${{ env.project_folder }}/"
      
      - name: "[ON HOST] Deploy Stack"
-        uses: appleboy/ssh-action@v1.2.4
+        uses: appleboy/ssh-action@v1.2.2
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
@@ -85,7 +85,7 @@ jobs:
            docker compose --env-file .env up --detach
      
      - name: "[ON RUNNER] Notify Build End"
-        uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.3
        env:
          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
--- a/.gitea/workflows/docker-compose-remove.yml
+++ b/.gitea/workflows/docker-compose-remove.yml
@@ -24,7 +24,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: "[ON RUNNER] Notify Build Start"
-        uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.3
        env:
          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
@@ -41,7 +41,7 @@ jobs:
          echo "project_folder=/home/${{ secrets.DEPLOY_USERNAME }}/$projectname" >> $GITEA_ENV

      - name: "[ON HOST] Remove Stack"
-        uses: appleboy/ssh-action@v1.2.4
+        uses: appleboy/ssh-action@v1.2.2
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
@@ -54,7 +54,7 @@ jobs:
            rm -rf ${{ env.project_folder }}
      
      - name: "[ON RUNNER] Notify Build End"
-        uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.3
        env:
          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
--- a/.gitea/workflows/release-with-tag.yaml
+++ b/.gitea/workflows/release-with-tag.yaml
@@ -19,7 +19,7 @@ jobs:
      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0

--- a/.github/workflows/build-push-attest-docker.yml
+++ b/.github/workflows/build-push-attest-docker.yml
@@ -24,7 +24,7 @@ jobs:
      success: ${{ steps.set_flag.outputs.success }}
    steps:
      - name: Check out the repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
        with:
          ref: ${{ inputs.release }}

@@ -59,7 +59,7 @@ jobs:
            ghcr.io/${{ github.repository }}:${{ inputs.release }}

      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v2
        with:
          subject-name: ghcr.io/${{ github.repository }}
          subject-digest: ${{ steps.push.outputs.digest }}
--- a/.github/workflows/ci-docker.yml
+++ b/.github/workflows/ci-docker.yml
@@ -12,17 +12,17 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.3.0
+      - uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
          format: sonarqube
          no-fail: true
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -34,7 +34,7 @@ jobs:
        with:
          args: --sarif-file-output=snyk.sarif --all-projects
      - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif

--- a/.github/workflows/ci-python-poetry-with-docker.yml
+++ b/.github/workflows/ci-python-poetry-with-docker.yml
@@ -22,17 +22,17 @@ jobs:
          PYTHON_VERSION=${{ inputs.python-version }}
          echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.3.0
+      - uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
          format: sonarqube
          no-fail: true
      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ steps.python-version.outputs.value }}"
      - name: Setup Poetry
@@ -49,7 +49,7 @@ jobs:
          poetry run coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -61,6 +61,6 @@ jobs:
        with:
          args: --sarif-file-output=snyk.sarif --all-projects
      - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
--- a/.github/workflows/ci-python-poetry.yml
+++ b/.github/workflows/ci-python-poetry.yml
@@ -22,11 +22,11 @@ jobs:
          PYTHON_VERSION=${{ inputs.python-version }}
          echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ steps.python-version.outputs.value }}"
      - name: Setup Poetry
@@ -41,7 +41,7 @@ jobs:
          poetry run coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -53,6 +53,6 @@ jobs:
        with:
          args: --sarif-file-output=snyk.sarif --all-projects
      - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
--- a/.github/workflows/ci-python-with-docker.yml
+++ b/.github/workflows/ci-python-with-docker.yml
@@ -22,17 +22,17 @@ jobs:
          PYTHON_VERSION=${{ inputs.python-version }}
          echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
-      - uses: hadolint/hadolint-action@v3.3.0
+      - uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
          format: sonarqube
          no-fail: true
      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ steps.python-version.outputs.value }}"
      - name: Update Pip
@@ -50,7 +50,7 @@ jobs:
          coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -62,6 +62,6 @@ jobs:
        with:
          args: --sarif-file-output=snyk.sarif --all-projects
      - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
--- a/.github/workflows/ci-python.yml
+++ b/.github/workflows/ci-python.yml
@@ -22,11 +22,11 @@ jobs:
          PYTHON_VERSION=${{ inputs.python-version }}
          echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
      - name: Check out repository code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v5.0.0
        with:
          fetch-depth: 0
      - name: Setup Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v5
        with:
          python-version: "${{ steps.python-version.outputs.value }}"
      - name: Update Pip
@@ -44,7 +44,7 @@ jobs:
          coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.3.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -56,6 +56,6 @@ jobs:
        with:
          args: --sarif-file-output=snyk.sarif --all-projects
      - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -17,7 +17,7 @@ jobs:
      release_name: ${{ steps.tag_version.outputs.new_tag }}
      success: ${{ steps.set_flag.outputs.success }}
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0

--- a/renovate.json
+++ b/renovate.json
@@ -11,9 +11,6 @@
  "assigneesFromCodeOwners": false,
  "rebaseWhen": "behind-base-branch",
  "rollbackPrs": true,
-  "semanticCommits": "enabled",
-  "semanticCommitScope": "deps",
-  "semanticCommitType": "feat",
  "labels": [
    "type/dependencies"
  ],