Skip to content

Bump convictional/trigger-workflow-and-wait action to v1.6.5#8294

Merged
manny-yes merged 2 commits intomasterfrom
manny/1015-investigate-set-output-issue-on-private-build-workflow
Jan 6, 2026
Merged

Bump convictional/trigger-workflow-and-wait action to v1.6.5#8294
manny-yes merged 2 commits intomasterfrom
manny/1015-investigate-set-output-issue-on-private-build-workflow

Conversation

@manny-yes
Copy link
Collaborator

@manny-yes manny-yes commented Jan 5, 2026
edited
Loading

This change addresses the following GitHub Actions warning observed during the image build workflow execution:

Warning: The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files.

The warning is emitted by the convictional/trigger-workflow-and-wait@v1.6.1 action, which still uses the deprecated ::set-output command internally. GitHub has announced that set-output will be fully disabled, which would cause this workflow to break in the future.

We bump the action to v1.6.5, which replaces set-output with the supported GITHUB_OUTPUT environment file mechanism, fully complying with GitHub Actions’ current requirements and eliminating the warning.

Relevant notes (explicitly mentioning the fix):

This is a no-behavior-change update to ensure long-term workflow stability.

Closes https://github.com/onflow/ff-sre-infrastructure/issues/1015.

Summary by CodeRabbit

  • Chores
    • Updated build workflow automation action to a newer version for improved stability and maintenance.

✏️ Tip: You can customize this high-level summary in your review settings.

@manny-yes manny-yes requested review from Kay-Zee and j1010001 January 5, 2026 14:16
@manny-yes manny-yes self-assigned this Jan 5, 2026
@manny-yes manny-yes requested a review from a team as a code owner January 5, 2026 14:16
@github-actions
Copy link
Contributor

github-actions bot commented Jan 5, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/convictional/trigger-workflow-and-wait 1.6.5 🟢 4.4
Details
CheckScoreReason
Code-Review🟢 6Found 17/25 approved changesets -- score normalized to 6
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • .github/workflows/image_builds.yml

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 5, 2026
edited
Loading

📝 Walkthrough

Walkthrough

A GitHub Actions workflow file is updated to use a newer version of the convictional/trigger-workflow-and-wait action, upgrading from v1.6.1 to v1.6.5 in the secure-build job. No other logic or control flow is altered.

Changes

Cohort / File(s) Summary
Workflow Dependency Update
\.github/workflows/image_builds\.yml		 Updated convictional/trigger-workflow-and-wait action version from v1.6.1 to v1.6.5 in the secure-build job

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A hop and a skip through versions we go,
From 1.6.1 to 1.6.5's glow,
The workflow now faster, more sturdy, more bright,
Our GitHub Actions now running just right!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately and specifically describes the main change: bumping a GitHub Actions action version from v1.6.1 to v1.6.5.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov-commenter
Copy link

codecov-commenter commented Jan 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@manny-yes manny-yes enabled auto-merge January 6, 2026 16:36
@manny-yes manny-yes added this pull request to the merge queue Jan 6, 2026
Merged via the queue into master with commit 3f8ed45 Jan 6, 2026
61 checks passed
@manny-yes manny-yes deleted the manny/1015-investigate-set-output-issue-on-private-build-workflow branch January 6, 2026 19:35
@coderabbitai coderabbitai bot mentioned this pull request Mar 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Kay-Zee Kay-Zee Kay-Zee approved these changes

@j1010001 j1010001 j1010001 approved these changes

Assignees

@manny-yes manny-yes

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@manny-yes @codecov-commenter @Kay-Zee @j1010001