Increase GitHub Action checkout version to v5 #445

Merged: mulkieran merged 2 commits into stratis-storage:master from mulkieran:issue_project_807 on Aug 20, 2025

Member

@mulkieran mulkieran commented Aug 20, 2025

Related stratis-storage/project#807

Summary by CodeRabbit

  • Chores
    • Upgraded CI to use the latest repository checkout action across all workflows.
    • Disabled credential persistence in CI to improve security.
    • Enhances reliability and maintainability of the build pipeline.
    • No user-facing changes; application behavior and release artifacts remain unchanged.

Signed-off-by: mulhern <amulhern@redhat.com>
Signed-off-by: mulhern <amulhern@redhat.com>
@mulkieran mulkieran self-assigned this Aug 20, 2025
@mulkieran mulkieran moved this to In Review in 2025August Aug 20, 2025

coderabbitai Bot commented Aug 20, 2025

Walkthrough

All workflows update actions/checkout from v4 to v5 and add with: persist-credentials: false to each checkout step. Affected files: .github/workflows/cargo.yml, main.yml, nightly.yml. No other steps, logic, or jobs are modified.

Changes

| Cohort / File(s) | Summary of Changes |
|---|---|
| Workflow: cargo (.github/workflows/cargo.yml) | Bump actions/checkout from v4→v5 for two steps; add with: persist-credentials: false to both (libcryptsetup-rs checkout and ci repo checkout). |
| Workflow: main (.github/workflows/main.yml) | Across jobs (format, lint, typos, stable, lowest_supported, fedora, yamllint): replace actions/checkout@v4→@v5; add with: persist-credentials: false to each checkout. |
| Workflow: nightly (.github/workflows/nightly.yml) | In audit, checks-with-ci-repo (two checkouts), and semver-checks jobs: v4→v5 upgrades; add with: persist-credentials: false, preserving existing path/repository values. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I thump my paws in CI’s light,
Checked out v5—credentials tight.
Hops through jobs, neat and small,
False persists so none can sprawl.
Green carrots blink, the pipelines cheer—
Another tidy hop this year! 🥕🐇

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (3)
.github/workflows/main.yml (1)

30-32: Optional: consider fetch-depth: 0 if any step relies on tags/history

If any of the invoked Makefile tasks (e.g., release/docs) call git describe, read tags, or traverse history, the default shallow fetch (depth=1) can break those. If relevant, set fetch-depth: 0 on the checkout steps that need it.

Apply where needed:

 - uses: actions/checkout@v5
   with:
     persist-credentials: false
+    fetch-depth: 0
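
Review bot: The added fetch-depth: 0 line is not tied to a specific job, and main.yml has several checkout steps; a full-history clone is only justified for a step whose make target reads tags or history (git describe is the case named above). Confirm which target does that and add the line to that one checkout, leaving the others as the shallow default with persist-credentials: false.
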
.github/workflows/cargo.yml (1)

28-32: Optional: verify whether compare scripts need full git history

If any of the comparison targets end up invoking git operations that require tags or history, you may want to unshallow the checkout for the libcryptsetup-rs working copy.

If needed, amend this step:

 - uses: actions/checkout@v5
   with:
     path: libcryptsetup-rs
     persist-credentials: false
+    fetch-depth: 0
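
Review bot: On the fetch-depth: 0 line, note the interaction with persist-credentials: false on the line above it: with no token left in the working copy's git config, a later run step has no stored credential for deepening the clone, so any history the compare scripts need has to be requested here at checkout. A short YAML comment naming the script that needs it would stop the line from being copied to the ci repo checkout without reason.
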
.github/workflows/nightly.yml (1)

84-86: Optional: ensure semver checks do not require git tags

cargo-semver-checks typically compares against crates.io and doesn’t need repo history, but if you ever switch to a mode relying on VCS tags, consider setting fetch-depth: 0 on this checkout.

Proposed tweak if needed:

 - uses: actions/checkout@v5
   with:
     persist-credentials: false
+    fetch-depth: 0
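
Review bot: The fetch-depth: 0 line is speculative for this job, since the comment above says cargo-semver-checks compares against crates.io; leave the step without it until the baseline actually comes from VCS tags, and document that dependency beside the line when it is added.
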
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 65055bf and 45df4e9.

📒 Files selected for processing (3)
  • .github/workflows/cargo.yml (2 hunks)
  • .github/workflows/main.yml (7 hunks)
  • .github/workflows/nightly.yml (4 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (28)
🔇 Additional comments (3)
.github/workflows/main.yml (1)

30-32: Checkout upgraded to v5 with credentials persistence disabled: LGTM

All checkout steps consistently use actions/checkout@v5 with persist-credentials: false. This is a solid security hardening with no change to workflow semantics.

Also applies to: 47-49, 67-69, 105-107, 134-136, 239-241, 257-259

.github/workflows/cargo.yml (1)

28-32: Consistent v5 upgrade and disabled credential persistence: LGTM

Both checkouts (repo and ci) are upgraded to actions/checkout@v5 and set persist-credentials: false. Good consistency and supply-chain posture.

Also applies to: 47-52

.github/workflows/nightly.yml (1)

18-20: Upgrade to checkout@v5 with credential persistence disabled: LGTM

All updated steps look correct across audit, checks-with-ci-repo, and semver-checks jobs. No behavioral changes expected.

Also applies to: 40-44, 59-63, 84-86
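
An added example, not part of the pull request or CodeRabbit's output: a small line-based audit that lists every actions/checkout step in a workflow and reports whether it sets persist-credentials: false, the setting this PR applies to each checkout. The sample fragment and the function names are constructed for illustration, and the parser assumes space-indented, block-style YAML.

```python
import re

# Constructed steps fragment (not a file from the repository); steps 1 and 3 are unhardened.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - name: Check out with the token dropped
    uses: actions/checkout@v5
    with:
      path: libcryptsetup-rs
      persist-credentials: false
  - uses: actions/checkout@v5
    with:
      path: ci
  - run: make -f Makefile build
"""

CHECKOUT = re.compile(r"^\s*(?:-\s+)?uses:\s*actions/checkout@(\S+)")
PERSIST_OFF = re.compile(r"^\s*persist-credentials:\s*['\"]?false['\"]?\s*(#.*)?$")

def indent(line):
    return len(line) - len(line.lstrip(" "))

def step_blocks(text):
    """Yield (line_number, lines) for each '- ' list item and its nested keys."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not line.lstrip().startswith("- "):
            continue
        block = [line]
        for nxt in lines[i + 1:]:
            body = nxt.strip()
            if body and not body.startswith("#") and indent(nxt) <= indent(line):
                break  # sibling step or parent key: this item has ended
            block.append(nxt)
        yield i + 1, block

def audit_checkouts(text):
    """One finding per actions/checkout step: start line, ref, hardened or not."""
    findings = []
    for lineno, block in step_blocks(text):
        ref = next((m.group(1) for l in block if (m := CHECKOUT.match(l))), None)
        if ref is not None:
            hardened = any(PERSIST_OFF.match(l) for l in block)
            findings.append({"line": lineno, "ref": ref, "persist_disabled": hardened})
    return findings

if __name__ == "__main__":
    print(*audit_checkouts(SAMPLE), sep="\n")
```

Run over the text of each file under .github/workflows, a CI lint job can fail when any finding has persist_disabled set to False.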

@packit-as-a-service

Congratulations! One of the builds has completed. 🍾

You can install the built RPMs by following these steps:

  • sudo yum install -y dnf-plugins-core on RHEL 8
  • sudo dnf install -y dnf-plugins-core on Fedora
  • dnf copr enable packit/stratis-storage-libcryptsetup-rs-445
  • And now you can install the packages.

Please note that the RPMs should be used only in a testing environment.

@mulkieran mulkieran merged commit 12feb1a into stratis-storage:master Aug 20, 2025
45 checks passed
@github-project-automation github-project-automation Bot moved this from In Review to Done in 2025August Aug 20, 2025
@mulkieran mulkieran deleted the issue_project_807 branch August 20, 2025 14:49
@mulkieran mulkieran moved this from Done to Done(3) in 2025August Aug 25, 2025
@mulkieran mulkieran added this to the 0.14.0 milestone Sep 22, 2025