coreos · prestist · Dec 11, 2025 · Dec 10, 2025
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,6 +1,10 @@
 # Maintained in https://github.com/coreos/repo-templates
 # Do not edit downstream.
 
+# Updates are grouped together by ecosystem in a single PR. An update can be
+# removed from a combined update PR via comments to dependabot:
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-for-grouped-updates-with-comment-commands
+
 version: 2
 updates:
   - package-ecosystem: "github-actions"
@@ -9,6 +13,10 @@ updates:
       interval: "weekly"
     labels: ["skip-notes"]
     open-pull-requests-limit: 3
+    groups:
+      actions:
+        patterns:
+          - "*"
   - package-ecosystem: gomod
     directory: /
     schedule:
@@ -18,9 +26,6 @@ updates:
       - dependency
       - skip-notes
 
-    # Group all updates together in a single PR. We can remove some
-    # updates from a combined update PR via comments to dependabot:
-    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-for-grouped-updates-with-comment-commands
     groups:
       build:
         patterns:

diff --git a/.github/workflows/container-rebuild.yml b/.github/workflows/container-rebuild.yml
@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.inputs.git-tag }}
           # fetch tags so the compiled-in version number is useful

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # fetch tags so the compiled-in version number is useful
           fetch-depth: 0

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -28,7 +28,7 @@ jobs:
       with:
         go-version: ${{ matrix.go-version }}
     - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Install Linux dependencies
       if: runner.os == 'Linux'
       run: |
@@ -60,7 +60,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Set up Go 1.x
       uses: actions/setup-go@v5
       with:

diff --git a/.github/workflows/ignition-validate.yml b/.github/workflows/ignition-validate.yml
@@ -29,7 +29,7 @@ jobs:
       with:
         go-version: ${{ matrix.go-version }}
     - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Build ignition-validate
       shell: bash
       run: go build -o ignition-validate github.com/coreos/ignition/v2/validate

diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
@@ -16,7 +16,7 @@ jobs:
     container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       # https://github.com/actions/checkout/issues/760
       - name: Mark git checkout as safe
         run: git config --global --add safe.directory "$GITHUB_WORKSPACE"