BUILD-10765 Important: Update SonarSource/gh-action_release to v6 #315

Open
SonarTech wants to merge 1 commit into master from feat/BUILD-10765/update-gh-action_release-and-releasability

@SonarTech
Contributor

Important: Update GitHub Actions to compliant versions.

  • .github/workflows/release.yml: release c52861bb0e5dd564187f3fd74e048f20aef0f761 → v6

See: https://discuss.sonarsource.com/t/action-required-update-your-github-actions-cache-release-and-releasability-before-31-04-2026/23899

@hashicorp-vault-sonar-prod

hashicorp-vault-sonar-prod bot commented Apr 17, 2026

BUILD-10765

@sonar-review-alpha

sonar-review-alpha bot commented Apr 17, 2026

Summary

This PR updates the SonarSource/gh-action_release dependency in the release workflow from a pinned commit hash (6.5.0) to the semantic version tag v6. The change affects both the test PyPI release job and the production PyPI release job in .github/workflows/release.yml. This is a compliance update with an April 31, 2026 deadline per SonarSource's requirement notice.

What reviewers should know

What changed: Two workflow job references (release-to-testpypi and release-to-pypi) now use @v6 instead of the pinned commit hash, allowing the action to receive minor updates and patches within the v6 major version.

For reviewers: Verify that both release jobs will function correctly with v6 of the action. The workflow configuration (permissions, inputs) remains identical — only the action reference was updated. No behavioral changes are expected, but confirm any v6 release notes if available.

Note: The deadline mentioned in the referenced forum post (April 31) appears to be a typo and likely means April 30 or May 1, 2026.


@sonar-review-alpha sonar-review-alpha bot left a comment

LGTM! ✅

Clean, minimal change — nothing to flag. The move from a pinned commit hash to @v6 is intentional and required by SonarSource's own compliance policy, so the trade-off (mutable tag vs. immutable SHA) is accepted by design.
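
The trade-off named in the review above (mutable tag vs. immutable SHA) can be tracked by listing every `uses:` reference in a workflow and whether it resolves to a full commit SHA. The following is an added example, not part of this PR or of SonarSource's tooling; the sample workflow text and the reusable-workflow path in it are constructed, and only the job names, the commit hash and the `v6` tag come from this page.

```python
import re

# `uses:` at step level ("- uses:") or job level (reusable workflow call).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
# GitHub Actions only treats a full 40-hex commit SHA as an immutable ref.
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}", re.IGNORECASE)


def classify_ref(target):
    """Return 'local', 'pinned' or 'mutable' for one `uses:` target."""
    if target.startswith("./"):
        return "local"  # lives in the same repository and commit
    if target.startswith("docker://"):
        return "pinned" if "@sha256:" in target else "mutable"
    _, sep, ref = target.rpartition("@")
    if not sep:
        return "mutable"  # no ref given at all
    return "pinned" if FULL_SHA_RE.fullmatch(ref) else "mutable"


def audit_workflow(text):
    """Return (line number, target, classification) for every `uses:` line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            target = match.group(1)
            findings.append((lineno, target, classify_ref(target)))
    return findings


def mutable_refs(text):
    """Only the references a tag or branch move could silently change."""
    return [f for f in audit_workflow(text) if f[2] == "mutable"]


# Constructed sample: one job on the old SHA pin, one on the new tag.
SAMPLE = """\
jobs:
  release-to-testpypi:
    uses: SonarSource/gh-action_release/.github/workflows/main.yaml@c52861bb0e5dd564187f3fd74e048f20aef0f761 # 6.5.0
  release-to-pypi:
    uses: SonarSource/gh-action_release/.github/workflows/main.yaml@v6
"""

if __name__ == "__main__":
    for lineno, target, kind in audit_workflow(SAMPLE):
        print(f"line {lineno}: {kind:8} {target}")
```
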

@sonarqube-next

Quality Gate passed for 'Python Scanner'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube
