Update actions/cache action to v6

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	major	v5.0.5 → v6.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

actions/cache (actions/cache)

v6.0.0

Compare Source

What's Changed

• Update packages, migrate to ESM by @​Samirat in #​1760

Full Changelog: actions/cache@v5...v6.0.0

v6

Compare Source

---

Configuration

📅 Schedule: (in timezone America/Los_Angeles)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[anshulg-dep-review]

Triage: YELLOW -- possible breakage, reviewer requested

This is a major version bump of a GitHub Actions workflow dependency (actions/cache v5 → v6) driven by an internal ESM migration and toolkit dependency updates. The action's public interface (inputs, outputs, runtime) is identical between versions, so no workflow YAML changes are required. However, the provenance check failed due to a system error, leaving supply-chain signals unverified. Merge is safe from a functional standpoint, but provenance should be spot-checked before committing.

Updates table

Package	Old	New	Breaking	Changelog	Provenance
actions/cache	v5.0.5	v6.0.0	safe	internal migration	failed

Required actions

1. actions/cache -- Provenance check failed due to a system error. Before merge, manually verify that the v6.0.0 release on the upstream GitHub repository matches the expected publisher and has no suspicious metadata drift. (See provenance report.)

Update summary

actions/cache v5.0.5 → v6.0.0

• Internal ESM migration and major toolkit dependency bumps (@actions/cache, @actions/core, @actions/exec all bumped to new major versions).
• No breaking changes to the public workflow YAML interface. Inputs (path, key, restore-keys), outputs (cache-hit), and Node.js 24 runtime are byte-for-byte identical.
• Used only in the pre-commit CI linting job (.github/workflows/checks.yml); no cluster workloads affected.
• Failure mode is soft (slower CI run or failed lint check); trivial rollback available.

Provenance

Provenance check failed. The provenance researcher encountered a system error and could not complete the analysis. The breaking-change and changelog researchers both confirm the v6.0.0 release is from the expected upstream publisher (github.com/actions/cache) with no user-facing interface changes, but supply-chain indicators (signature verification, source metadata drift, build artifact integrity) remain unverified. Recommend a quick manual spot-check of the upstream release page before merge.

Sub-agent reports -- actions/cache

Breaking-change impact

I now have all the information I need. The analysis is complete. Here is the full impact report:

---

Impact verdict: actions/cache v5.0.5 → v6.0.0 (PR #3521)

Verdict

safe_to_merge

This is a GitHub Actions CI workflow-only change with no impact on the Kubernetes cluster deployment. The single usage of actions/cache runs on GitHub-hosted ubuntu-latest runners, the action's input/output interface is identical between v5 and v6, and the v6 change is an internal ESM migration with no user-facing breaking changes.

---

Blast radius

• Scope: leaf_app (CI tooling only — no cluster workloads affected)
• Direct usage: 1 file — .github/workflows/checks.yml (the pre-commit job)
• Transitive dependents: 0 cluster apps
  • This action is used solely to cache ~/.cache/pre-commit during the pre-commit CI linting job. It has no relationship to any Kubernetes workload, ArgoCD Application, Helm chart, or cluster resource.
• User-facing exposure:
  • Public hostnames affected: none
  • Internal (oauth-gated) hostnames affected: none
  • Cron / scheduled jobs affected: none
• Failure mode if upgrade goes wrong: soft_down — the pre-commit CI check job would fail or run without a cache hit (slower), but no cluster workload is affected. The worst case is a slower CI run or a failed lint check that blocks the PR, not a cluster outage.
• Recovery: trivial_rollback — pin back to actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 in one line.

---

Required actions before merge

None

---

Findings

F-01: ESM migration is internal-only — no interface changes

• Severity: informational
• Category: other
• What changed: actions/cache v6 migrates its internal implementation from CommonJS to ESM and updates @actions/cache, @actions/core, and @actions/exec to their latest major versions.
• Why it affects this deployment: It does not. The action.yml interface (inputs: path, key, restore-keys; output: cache-hit; runtime: node24) is byte-for-byte identical between v5.0.5 and v6.0.0. The workflow uses only path, key, and restore-keys — all of which are unchanged. The cache-hit output is not consumed by any downstream step in the workflow.
• Affected dependents: none
• Required action: no action — informational
• Source: upstream PR Update ollama/ollama Docker tag to v0.11.11 #1760 and the v6.0.0 release notes
• Confidence: documented
• Render-limited: no

F-02: Minimum runner version requirement (inherited from v5, not new in v6)

• Severity: informational
• Category: other
• What changed: actions/cache@v5 introduced a minimum Actions Runner version requirement of 2.327.1 (Node.js 24 runtime). v6 inherits this same requirement — it does not raise it further.
• Why it affects this deployment: The workflow uses runs-on: ubuntu-latest (GitHub-hosted runners). GitHub-hosted runners are always kept current by GitHub and are well above the 2.327.1 minimum. No self-hosted runners are used in any workflow in this repository. This requirement was already satisfied when v5 was adopted.
• Affected dependents: none
• Required action: no action — informational
• Source: upstream project's README documentation for v6
• Confidence: documented
• Render-limited: no

F-03: save-always input is deprecated (not new in v6)

• Severity: informational
• Category: config_schema
• What changed: The save-always input carries a deprecationMessage in both v5 and v6 warning it will be removed in a future release.
• Why it affects this deployment: The workflow does not use save-always. Only path, key, and restore-keys are set. No action required.
• Affected dependents: none
• Required action: no action — informational
• Source: actions/cache action.yml at v6.0.0
• Confidence: documented
• Render-limited: no

---

Deployment fingerprint (summary)

Attribute	Value
File changed	.github/workflows/checks.yml
Job	pre-commit
Runner	ubuntu-latest (GitHub-hosted)
Action inputs used	path: ~/.cache/pre-commit, key: pre-commit-${{ runner.os }}-...-${{ hashFiles('.pre-commit-config.yaml') }}, restore-keys: (3 prefix patterns)
Action outputs consumed	none (no id: set on the step, cache-hit not referenced)
Other workflows using actions/cache	none (code search returned 1 result total)
Cluster workloads referencing this action	none

---

Cluster fit

• Architectures required by cluster: amd64, arm64 (rpi5 nodes present per repo description)
• Architectures supported by new version: N/A — this is a GitHub Actions JavaScript action, not a container image. It runs on the GitHub Actions runner host, not on cluster nodes. Architecture is irrelevant.
• Kubernetes API versions used in manifest sources: N/A — no Kubernetes manifests are touched by this PR.
• Minimum K8s version stated by dep: N/A
• Peer dependency check: N/A — actions/cache has no Kubernetes ecosystem peer dependencies.

---

Gaps

• The v6.0.0 release notes are sparse ("Update packages, migrate to ESM"). No formal migration guide exists for v5→v6. The action.yml diff and upstream PR Update ollama/ollama Docker tag to v0.11.11 #1760 description were used as the primary source of truth for interface stability. Both confirm no user-facing changes.
• The actions/cache repository does not publish a CHANGELOG.md; release notes and the merged PR were the only available sources.
• No check was performed on whether GitHub's cache service backend changed behavior between v5 and v6 (e.g., cache key versioning algorithm). The README states changes are "fully backward compatible" and existing caches will continue to be matched. A first run after the upgrade may result in a cache miss (cold start), causing a slightly slower pre-commit run — this is not a failure.

Upstream changelog

I now have all the information needed to produce a comprehensive output. The action.yml interface is identical between v5.0.5 and v6.0.0 — same inputs, outputs, and Node.js runtime — so the breaking change is entirely internal (ESM migration + major toolkit dependency bumps). This is a major version bump but the user-facing workflow YAML interface is unchanged.

---

actions/cache v5.0.5 → v6.0.0

Summary

• Artifact type: GitHub Action
• Input format: SemVer release tags
• Resolved references: Tag v5.0.5 (commit 27d5ce7f107fe9357f9df03efb73ab90386fccae) → Tag v6.0.0 (commit e9b91fdc3fea7d79165fceb79042ef45c2d51023)
• Versions in range: v5.0.5 → v6.0.0 (no intermediate releases; this is a direct major bump with no pre-releases between them)
• Source repo: upstream actions/cache project
• Primary sources used:
  • Upstream release announcement for v6.0.0
  • Upstream project's RELEASES.md changelog
  • Upstream PR Update ollama/ollama Docker tag to v0.11.11 #1760 (ESM migration)
  • action.yml diff (v5.0.5 vs v6.0.0): identical
  • package.json diff (v5.0.5 vs v6.0.0): confirmed dependency changes
• Versioning scheme: SemVer
• Major version boundary crossed: Yes (v5 → v6)
• Confidence: high — maintainer-authored changelog, full release notes, and the single merged PR fully account for all changes in this release

---

Breaking Changes

Migration to ESM module system

• What changed: The action's internal JavaScript module system was converted from CommonJS to ESM ("type": "module" added to package.json), required to consume the new @actions/cache@^6.0.1 and @actions/core@^3.0.1 toolkit packages.
• Affects: Internal implementation only. The action.yml interface (inputs, outputs, runs.using: 'node24', entry points) is byte-for-byte identical to v5.0.5. Workflow YAML using actions/cache@v6 requires no changes.
• Migration: No changes required in consumer workflow YAML. Users referencing the action by the floating v6 major tag will automatically receive this version. Users pinning to a specific SHA must update their pin.
• Source: upstream PR Update ollama/ollama Docker tag to v0.11.11 #1760 (ESM migration PR) explicitly marked as a breaking change; upstream project's RELEASES.md changelog
• Confidence: documented
• Introduced in: v6.0.0

Major toolkit dependency version bumps

• What changed: All @actions/* toolkit dependencies were bumped to new major versions: @actions/cache ^5.0.5 → ^6.0.1, @actions/core ^2.0.3 → ^3.0.1, @actions/exec ^2.0.0 → ^3.0.0, @actions/io ^2.0.0 → ^3.0.2. These are bundled into the action's dist/ at build time and are not separately installed by consumers.
• Affects: Internal bundled dependencies only. No impact on workflow YAML interface or observable action behavior is documented.
• Migration: No action required by consumers.
• Source: upstream project's RELEASES.md changelog; package.json diff between tags
• Confidence: documented
• Introduced in: v6.0.0

---

Other Notable Changes

• Jest upgraded to v30 and test infrastructure updated to be ESM-compatible — internal dev/test change only (per upstream RELEASES.md).

---

Deprecations Introduced

None found.

---

Gaps and Caveats

• No migration guide exists at standard paths (UPGRADING.md, MIGRATING.md, docs/upgrading/). The upstream project's RELEASES.md changelog and PR Update ollama/ollama Docker tag to v0.11.11 #1760 are the sole authoritative sources.
• @actions/core v3 and @actions/cache v6 breaking changes are not documented in the upstream project's release notes. Since these are bundled (not installed by consumers), any behavioral changes they introduce would be opaque — but no observable behavioral regressions are documented or reported.
• The PR author self-classified this as a "Breaking change" in the PR checklist, but the action.yml interface diff confirms zero breaking changes to the public workflow YAML API. The major version bump appears driven by the ESM migration and toolkit major bumps rather than any user-facing interface change.
• No user-reported breakage found in open issues on the upstream repository at time of research.

Provenance

RESEARCH_FAILED: provenance researcher could not complete.

Reason: Prompt error: CompletionError: ProviderError: {"error":{"message":"{\"type\":\"error\",\"error\":{\"type\":\"authentication_error\",\"message\":\"Invalid authentication credentials\"},\"request_id\":\"req_011CcLiSyMp49P5bjRgNPVux\"}. Received Model Group=claude-haiku-4-5\nAvailable Model Group Fallbacks=['claude-haiku-4-5-fallback']\nError doing the fallback: {\"type\":\"error\",\"error\":{\"type\":\"invalid_request_error\",\"message\":\"prompt is too long: 206582 tokens > 200000 maximum\"},\"request_id\":\"req_011CcLiTzhCzXWsfSsUb4NqN\"}","type":"None","param":"None","code":"401"}}\n\nThe categorizer must treat this as an unverified signal and downgrade the verdict accordingly (do not assume safety).