Skip to content

ci(deps): bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0#247

Merged
Wootehfook merged 1 commit intodevelopfrom
dependabot/github_actions/develop/crazy-max/ghaction-import-gpg-7.0.0
Apr 12, 2026
Merged

ci(deps): bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0#247
Wootehfook merged 1 commit intodevelopfrom
dependabot/github_actions/develop/crazy-max/ghaction-import-gpg-7.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 8, 2026
edited
Loading

Bumps crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0.

Release notes

Sourced from crazy-max/ghaction-import-gpg's releases.

v7.0.0

Full Changelog: crazy-max/ghaction-import-gpg@v6.3.0...v7.0.0

Commits
  • 2dc316d Merge pull request #242 from crazy-max/dependabot/npm_and_yarn/actions/exec-3...
  • 5812792 chore: update generated content
  • ceb906e build(deps): bump @​actions/exec from 1.1.1 to 3.0.0
  • a9dffd9 Merge pull request #241 from crazy-max/node24
  • 36d49fc node 24 as default runtime
  • 50c4e4f Merge pull request #233 from crazy-max/dependabot/npm_and_yarn/openpgp-6.3.0
  • c78fe49 chore: update generated content
  • 8dbbb1e Merge pull request #221 from crazy-max/dependabot/npm_and_yarn/brace-expansio...
  • fc715b0 build(deps): bump openpgp from 6.1.0 to 6.3.0
  • 9946916 build(deps): bump brace-expansion from 1.1.11 to 1.1.12
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 8, 2026
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Mar 8, 2026
edited
Loading

Deploying boxdbud with  Cloudflare Pages  Cloudflare Pages

Latest commit: 1a31dc5
Status: ✅  Deploy successful!
Preview URL: https://6a15f117.boxdbud.pages.dev
Branch Preview URL: https://dependabot-github-actions-de-c4iv.boxdbud.pages.dev

View logs

@Wootehfook
Copy link
Copy Markdown
Owner

Wootehfook commented Apr 4, 2026

Holding this PR for manual review before merging.

Reason: ghaction-import-gpg v7 is a major version bump for the action that signs all version-bump commits (version-bump.yml). If v7 changes how git_commit_gpgsign, passphrase, or key import works, merging without verification could silently produce unsigned commits.

Next step: Review the v7.0.0 release notes, confirm the config keys are unchanged, then merge manually or remove this hold.

@dependabot
ci(deps): bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0
1a31dc5 
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 6.3.0 to 7.0.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](crazy-max/ghaction-import-gpg@e89d409...2dc316d)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/develop/crazy-max/ghaction-import-gpg-7.0.0 branch from f367a2c to 1a31dc5 Compare April 4, 2026 01:20
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 4, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Wootehfook Wootehfook requested a review from Copilot April 12, 2026 21:05
Copilot AI reviewed Apr 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the version-bump GitHub Actions workflow to use crazy-max/ghaction-import-gpg v7.0.0 (pinned to a new commit SHA) so the release/version bump job continues to import the signing key using the latest major release of that action.

Changes:

  • Bump crazy-max/ghaction-import-gpg from v6.3.0 to v7.0.0 (commit SHA pin update).

@Wootehfook Wootehfook enabled auto-merge (squash) April 12, 2026 21:10
@Wootehfook Wootehfook merged commit 18ac381 into develop Apr 12, 2026
12 checks passed
@Wootehfook Wootehfook deleted the dependabot/github_actions/develop/crazy-max/ghaction-import-gpg-7.0.0 branch April 12, 2026 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Wootehfook Wootehfook Wootehfook approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Wootehfook