Skip to content

Upgrade GitHub Actions to latest versions #7586

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
salmanmkc wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Upgrade GitHub Actions to latest versions #7586

salmanmkc wants to merge 2 commits into from

Conversation

@salmanmkc
Copy link

@salmanmkc salmanmkc commented Dec 13, 2025
edited
Loading

Summary

Upgrade GitHub Actions to their latest versions for improved features, bug fixes, and security updates.

Changes

Action Old Version(s) New Version Files
aws-actions/configure-aws-credentials 50ac8dd, 67fbcbb, ececac1 61815dc workflow files
pypa/gh-action-pypi-publish release/v1 ed0c539 workflow files

Why upgrade?

Keeping GitHub Actions up to date ensures:

  • Security: Latest security patches and fixes
  • Features: Access to new functionality and improvements
  • Compatibility: Better support for current GitHub features
  • Performance: Optimizations and efficiency improvements

Note on pypa/gh-action-pypi-publish

This action uses branch-based versioning (release/v1.x) rather than tags. The v1 tag does not exist in this repository.

This PR pins to the SHA of release/v1.13 for security best practices:

uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # release/v1.13

Testing

These changes only affect CI/CD workflow configurations and should not impact application functionality.

@vercel
Copy link

vercel bot commented Dec 13, 2025

@salmanmkc is attempting to deploy a commit to the Meta Open Source Team on Vercel.

A member of the Team first needs to authorize it.

@meta-cla meta-cla bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Dec 13, 2025
@salmanmkc
Fix pypa/gh-action-pypi-publish to use SHA pinning
0869f7e 
Pin to release/v1.13 for security best practices.
The v1 tag doesn't exist - only release/v1 branch exists.

Signed-off-by: Salman Muin Kayser Chishti <[email protected]>
@salmanmkc
Copy link
Author

salmanmkc commented Dec 17, 2025

Updated this PR to fix the pypa/gh-action-pypi-publish version.

The v1 tag doesn't exist in that repo - it uses branch-based versioning (release/v1).

Changed to SHA pinning: @ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@salmanmkc