Update dependabot.yml #8

Open
wants to merge 3 commits into
base: master

@NxPKG NxPKG commented Feb 11, 2025

User description

Notes for Reviewers

This PR fixes #

Signed commits

  • Yes, I signed my commits.

PR Type

enhancement, configuration changes


Description

  • Updated dependabot.yml to change the update interval to daily.

  • Added a limit of 10 open pull requests for dependabot.


Changes walkthrough 📝

Relevant files
Configuration changes
dependabot.yml
Adjusted dependabot update frequency and PR limits             

.github/dependabot.yml

  • Changed the update interval from weekly to daily.
  • Added a limit of 10 open pull requests.
  • +2/-1     

  • Summary by CodeRabbit

    • Chores

      • Updated the dependency update configuration to restrict the number of simultaneous update requests to 5, ensuring a more streamlined and efficient process.
    • Refactor

      • Renamed job from build-artifacts to build in the workflow configuration.
      • Introduced a new job named build-artifacts that depends on the build job.
      • Updated job dependencies to clarify workflow structure and streamline processes.

    Signed-off-by: NxPKG <116948796+NxPKG@users.noreply.github.com>

    sourcery-ai bot commented Feb 11, 2025

    Reviewer's Guide by Sourcery

    This pull request updates the dependabot configuration by altering the update frequency from weekly to daily and adding a new configuration to limit the number of open pull requests. These changes are implemented in the .github/dependabot.yml file, ensuring that dependency updates are more frequently checked and controlled.

    No diagrams generated as the changes look simple and do not need a visual representation.

    File-Level Changes

    Change Details Files
    Updated the dependabot schedule and added open pull requests limit.
    • Changed the update interval from 'weekly' to 'daily'.
    • Added the 'open-pull-requests-limit' parameter with a limit set to 10.
    • Retained existing commit message configuration with prefix 'chore' and scope inclusion.
    .github/dependabot.yml


    coderabbitai bot commented Feb 11, 2025

    """

    Walkthrough

    The changes introduce a new configuration option for Dependabot in the .github/dependabot.yml file, setting open-pull-requests-limit: 5 for the Go modules package ecosystem. Additionally, the workflow configuration in .github/workflows/app-pipeline.yaml is restructured, renaming the build-artifacts job to build, adding a new build-artifacts job, and updating dependencies for several jobs to streamline the workflow.

    Changes

    File Path Summary of Changes
    .github/dependabot.yml Added open-pull-requests-limit: 5 to the Go modules config.
    .github/workflows/app-pipeline.yaml Renamed job build-artifacts to build, added new job build-artifacts, updated job dependencies, and modified release job to include strategy: matrix: go-version: [1.18.x].

    Poem

    I’m a code-hopping rabbit in a techy glen,
    Adding new limits with a digital pen.
    Five pull requests neatly arranged in line,
    Watching dependencies update, oh so fine.
    In the burrow of code, I celebrate with glee,
    For simple changes make our codebase carefree!
    🐰💻
    """



    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ No major issues detected


    @sourcery-ai sourcery-ai bot left a comment


    Hey @NxPKG - I've reviewed your changes - here's some feedback:

    Overall Comments:

    • Consider if a daily check is really necessary, as it might create a lot of PRs.
    Here's what I looked at during the review
    • 🟢 General issues: all looks good
    • 🟢 Security: all looks good
    • 🟢 Testing: all looks good
    • 🟢 Complexity: all looks good
    • 🟢 Documentation: all looks good


    codiumai-pr-agent-free bot commented Feb 11, 2025

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category | Suggestion | Impact
    General
    Optimize dependency update frequency settings
    Suggestion Impact:The commit directly implemented the suggested changes by changing the interval from daily to weekly and reducing open PR limit from 10 to 5

    code diff:

    -      interval: "daily"
    +      interval: "weekly"
         target-branch: "master"
    -    open-pull-requests-limit: 10
    +    open-pull-requests-limit: 5

    Setting a high frequency of daily updates with a large number of open PRs could
    overwhelm maintainers and CI resources. Consider using weekly updates or
    reducing the open PR limit.

    .github/dependabot.yml [12-15]

     schedule:
    -  interval: "daily"
    +  interval: "weekly"
     target-branch: "master"
    -open-pull-requests-limit: 10
    +open-pull-requests-limit: 5
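
    Review bot: the added `open-pull-requests-limit: 5` line is redundant if the reference quoted later in this thread is right that 5 is already the default for version updates, and `interval` goes back to "weekly", so the file ends up behaving as it did before the PR. Either drop the key or keep it with a one-line comment saying it is set explicitly on purpose, and update the PR title and description, which still describe a daily interval and a limit of 10.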
    Suggestion importance[1-10]: 7

    Why: The suggestion raises a valid concern about potential resource and maintenance overhead from daily updates with 10 open PRs. Reducing frequency to weekly and limiting PRs to 5 could help manage the workload better.

    Medium

    Signed-off-by: NxPKG <116948796+NxPKG@users.noreply.github.com>

    @coderabbitai coderabbitai bot left a comment


    Actionable comments posted: 1

    📜 Review details

    Configuration used: CodeRabbit UI
    Review profile: CHILL
    Plan: Pro

    📥 Commits

    Reviewing files that changed from the base of the PR and between c830d10 and 2abd66a.

    📒 Files selected for processing (1)
    • .github/dependabot.yml (1 hunks)
    🔇 Additional comments (1)
    .github/dependabot.yml (1)

    21-22: Verify dependency allow list.

    The configuration only allows dependencies from the github.com/khulnasoft/* organization. Please confirm if this is intentional and if there are other dependencies that should be included.

    Let me check for other dependencies:

    ❌ Verification inconclusive

    🏁 Script executed:

    #!/bin/bash
    # Description: Check for dependencies outside khulnasoft organization
    # Look for go.mod file and extract dependencies
    fd -t f "go.mod" --exec sh -c 'echo "=== Dependencies in {}" && cat {} | grep -E "^[[:space:]]*[a-z].*$" | grep -v "^module"'

    Length of output: 2297


    Dependency Allow List Verification

    The current Dependabot configuration in .github/dependabot.yml is restricted to updating only dependencies matching github.com/khulnasoft/*, while the project's go.mod file clearly includes many external dependencies. Please confirm whether the allow list is intentionally limited to internal dependencies only or if it should be broadened to include these additional external packages.

    @@ -12,6 +12,7 @@ updates:
    schedule:
    interval: "weekly"

    💡 Verification agent

    🧩 Analysis chain

    Inconsistency with PR objectives.

    The PR objectives mention changing the update interval to "daily" and setting a limit of 10 pull requests. However, the configuration shows:

    • Update interval remains "weekly"
    • Pull request limit is set to 5

    Please clarify if these differences are intentional.

    Let me verify the valid configuration options:

    Also applies to: 15-15


    🌐 Web query:

    What are the valid values for Dependabot's update interval and open-pull-requests-limit settings?
    

    💡 Result:

    Dependabot's configuration options for update intervals and pull request limits are defined as follows:

    Update Interval (schedule.interval)

    Valid values:

    • daily (checks for updates every weekday, Monday–Friday)
    • weekly (checks once per week, defaulting to Monday)
    • monthly (checks on the first day of each month)

    This setting is required for each package ecosystem configuration[1][4][6]. Custom timing can be added using optional parameters like day, time, and timezone[1][7].


    Open Pull Requests Limit (open-pull-requests-limit)

    Behavior:

    • Default: 5 concurrent pull requests for version updates[3][4][10]
    • Security updates: Fixed limit of 10 PRs (not configurable)[1][4]
    • Custom values: Any positive integer (e.g., 25 in example configurations)[3][7]

    This setting helps manage workflow noise by capping PR volume while allowing bursts during initial dependency catch-up periods[3][6].

    Both settings are configured per package ecosystem in the dependabot.yml file[1][4]. For security updates introduced in March 2024, grouping configurations can further optimize PR management[2].



    Configuration discrepancies identified in Dependabot settings.

    The PR objectives indicate that the update interval should change to "daily" and the open pull requests limit should be set to 10. However, the current configuration in .github/dependabot.yml shows:

    • Update interval remains "weekly" instead of "daily".
    • Open pull requests limit is set to 5 instead of 10.

    Please clarify if these differences are intentional or if an update is needed to align with the PR objectives.

    Signed-off-by: gitworkflows <118260833+gitworkflows@users.noreply.github.com>

    @coderabbitai coderabbitai bot left a comment


    Actionable comments posted: 1

    🔭 Outside diff range comments (2)
    .github/workflows/app-pipeline.yaml (2)

    108-170: ⚠️ Potential issue

    Add permissions declaration to test artifact jobs.

    The workflow jobs are missing explicit permissions declarations, which is a security best practice to follow the principle of least privilege.

    Add the following permissions block at the beginning of each test artifact job:

      test-linux-artifacts:
        needs: build
        runs-on: ubuntu-latest
    +   permissions:
    +     contents: read
    +     actions: read
        steps:
          ...
    
      test-mac-artifacts:
        needs: build
        runs-on: macos-latest
    +   permissions:
    +     contents: read
    +     actions: read
        steps:
          ...
    
      test-windows-artifacts:
        needs: build
        runs-on: windows-latest
    +   permissions:
    +     contents: read
    +     actions: read
        steps:
          ...
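
    Review bot: the same `permissions` block is pasted into each of the three test jobs, and the CodeQL output in this thread also flags lines 72-108, which none of these blocks cover. A single workflow-level `permissions:` with `contents: read` would apply to every job, including ones added later, leaving only `release` to override it. Also confirm that these jobs actually need `actions: read` and drop it if they do not.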
    🧰 Tools
    🪛 actionlint (1.7.4)

    113-113: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    116-116: the runner of "actions/setup-go@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    121-121: the runner of "actions/download-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    134-134: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    137-137: the runner of "actions/setup-go@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    142-142: the runner of "actions/download-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    155-155: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    158-158: the runner of "actions/setup-go@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    163-163: the runner of "actions/download-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)

    🪛 GitHub Check: CodeQL

    [warning] 109-129: Workflow does not contain permissions
    Actions Job or Workflow does not set permissions


    [warning] 130-150: Workflow does not contain permissions
    Actions Job or Workflow does not set permissions


    171-204: ⚠️ Potential issue

    Add permissions declaration to release job.

    The release job requires explicit permissions to create GitHub releases.

    Add the following permissions block to the release job:

      release:
        needs: [test, build-artifacts, test-linux-artifacts, test-mac-artifacts, test-windows-artifacts]
        runs-on: ubuntu-latest
    +   permissions:
    +     contents: write
    +     actions: read
        strategy:
          matrix:
            go-version: [1.18.x]
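
    Review bot: `contents: write` lands on a job that also carries `strategy.matrix`. With a single `go-version` entry the job runs once, but adding a second entry would run the release step once per entry, each with write access to the repository. Consider removing the matrix from `release` and setting the Go version directly in its setup step.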
    🧰 Tools
    🪛 actionlint (1.7.4)

    180-180: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    183-183: the runner of "actions/setup-go@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    189-189: the runner of "actions/cache@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)

    🧹 Nitpick comments (1)
    .github/workflows/app-pipeline.yaml (1)

    1-204: Consider upgrading Go version.

    The workflow is using Go 1.18.x which is quite old. Consider upgrading to a more recent version for better performance, security, and features.

    Let me check the latest Go version for you:

    ✅ Verification successful

    🌐 Web query:

    What is the latest version of Go?
    

    💡 Result:

    The latest version of Go as of February 2025 is Go 1.23.6, released on February 4, 2025[4]. This minor revision includes security fixes for the crypto/elliptic package and bug fixes to the compiler and go command[4].

    This follows the major Go 1.23 release from August 13, 2024[3][4], which maintained compatibility through the Go 1 promise while focusing on toolchain improvements[3]. The release series has seen regular maintenance updates approximately every month since its initial release[4].

    For most users running Go 1.21 or later, updates to new versions should be handled automatically through Go's toolchain management system[1]. Developers using older versions (pre-1.21) may need to manually update their toolchain to access these latest releases[1].



    Update Go Version in CI Workflows

    The GitHub Actions file specifies go-version: 1.18.x while the latest version of Go as of February 2025 is Go 1.23.6. Upgrading to this more recent version can improve performance, security, and overall feature support. Consider updating the version in your workflow's matrix and setup steps accordingly.

    • Update all go-version: 1.18.x entries to go-version: '1.23.6' or a compatible Go 1.23 specification.
    • Test for compatibility using the Go migration guide.
    🧰 Tools
    🪛 actionlint (1.7.4)

    16-16: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    19-19: the runner of "actions/setup-go@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    25-25: the runner of "actions/cache@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    46-46: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    49-49: the runner of "actions/setup-go@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    55-55: the runner of "actions/cache@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    79-79: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    82-82: the runner of "actions/setup-go@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    88-88: the runner of "actions/cache@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    103-103: the runner of "actions/upload-artifact@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    🪛 GitHub Check: CodeQL

    [warning] 72-108: Workflow does not contain permissions
    Actions Job or Workflow does not set permissions


    [warning] 109-129: Workflow does not contain permissions
    Actions Job or Workflow does not set permissions


    [warning] 130-150: Workflow does not contain permissions
    Actions Job or Workflow does not set permissions


    [warning] 151-171: Workflow does not contain permissions
    Actions Job or Workflow does not set permissions

    📜 Review details

    Configuration used: CodeRabbit UI
    Review profile: CHILL
    Plan: Pro

    📥 Commits

    Reviewing files that changed from the base of the PR and between 2abd66a and 685e29d.

    📒 Files selected for processing (1)
    • .github/workflows/app-pipeline.yaml (6 hunks)
    🔇 Additional comments (1)
    .github/workflows/app-pipeline.yaml (1)

    42-70: LGTM! Build job restructuring looks good.

    The separation of build concerns into distinct jobs improves workflow clarity and maintainability.

    Comment on lines +71 to +98
    build-artifacts:
    needs: build
    runs-on: ubuntu-latest
    strategy:
    matrix:
    go-version: [1.18.x]
    steps:
    - name: Checkout code
    uses: actions/checkout@v2

    - name: Set up Go
    uses: actions/setup-go@v2
    with:
    go-version: '1.18.x'

    - name: Cache Go dependencies
    id: package-cache-go-dependencies
    uses: actions/cache@v2
    with:
    path: |
    ~/go/pkg/mod/cache
    key: ${{ runner.os }}-go-prod-${{ hashFiles('**/go.sum') }}
    restore-keys: |
    ${{ runner.os }}-go-prod-

    - name: Install dependencies
    run: go mod download


    ⚠️ Potential issue

    Update GitHub Actions to their latest versions.

    Several actions are using outdated versions which may have security vulnerabilities or missing features.

    Apply this diff to update the actions:

    -        uses: actions/checkout@v2
    +        uses: actions/checkout@v4
    -        uses: actions/setup-go@v2
    +        uses: actions/setup-go@v5
    -        uses: actions/cache@v2
    +        uses: actions/cache@v3
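
    Review bot: the three replacement `uses:` lines still point at mutable major tags, and the diff leaves out `actions/upload-artifact@v3` and `actions/download-artifact@v3`, which the actionlint output in this thread flags in the same file. Cover those two as well, consider pinning each `uses:` to a full commit SHA, and add a `github-actions` entry to `.github/dependabot.yml` so these references are kept current alongside the Go modules.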
    📝 Committable suggestion

    Suggested change
    build-artifacts:
    needs: build
    runs-on: ubuntu-latest
    strategy:
    matrix:
    go-version: [1.18.x]
    steps:
    - name: Checkout code
    uses: actions/checkout@v2
    - name: Set up Go
    uses: actions/setup-go@v2
    with:
    go-version: '1.18.x'
    - name: Cache Go dependencies
    id: package-cache-go-dependencies
    uses: actions/cache@v2
    with:
    path: |
    ~/go/pkg/mod/cache
    key: ${{ runner.os }}-go-prod-${{ hashFiles('**/go.sum') }}
    restore-keys: |
    ${{ runner.os }}-go-prod-
    - name: Install dependencies
    run: go mod download
    build-artifacts:
    needs: build
    runs-on: ubuntu-latest
    strategy:
    matrix:
    go-version: [1.18.x]
    steps:
    - name: Checkout code
    uses: actions/checkout@v4
    - name: Set up Go
    uses: actions/setup-go@v5
    with:
    go-version: '1.18.x'
    - name: Cache Go dependencies
    id: package-cache-go-dependencies
    uses: actions/cache@v3
    with:
    path: |
    ~/go/pkg/mod/cache
    key: ${{ runner.os }}-go-prod-${{ hashFiles('**/go.sum') }}
    restore-keys: |
    ${{ runner.os }}-go-prod-
    - name: Install dependencies
    run: go mod download
    🧰 Tools
    🪛 actionlint (1.7.4)

    79-79: the runner of "actions/checkout@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    82-82: the runner of "actions/setup-go@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)


    88-88: the runner of "actions/cache@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

    (action)
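
    The two findings this review keeps returning to (jobs without a `permissions` block, and actions below the versions in the suggested diff) can be checked mechanically before a PR is opened. The following is an added example, not part of the thread or the project's code: a line-based audit run over a constructed sample workflow. `MIN_MAJOR`, `audit_workflow` and `SAMPLE_WORKFLOW` are names assumed for illustration.

```python
import re

# Assumption: minimum majors taken from the update diff suggested in the review
# above (checkout v4, setup-go v5, cache v3). Adjust to your own policy.
MIN_MAJOR = {"actions/checkout": 4, "actions/setup-go": 5, "actions/cache": 3}

# Constructed sample, modelled on job names mentioned in the thread.
SAMPLE_WORKFLOW = """\
name: app-pipeline
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
  test-linux-artifacts:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
  release:
    needs: [build, test-linux-artifacts]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v2
"""

# Matches `uses: owner/repo@vN...`; SHA-pinned references are not matched.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w./-]+)@v(\d+)")


def audit_workflow(text):
    """Return (jobs_without_permissions, stale_actions) for a workflow file.

    Line-based scan that assumes block-style YAML indented with spaces.
    stale_actions entries are (job, action, major_in_use, required_major).
    """
    workflow_perms = False          # a top-level `permissions:` covers every job
    in_jobs = False
    job_indent = key_indent = None  # indent of job names / of keys inside a job
    current = None
    jobs = {}                       # job name -> has its own `permissions:`
    stale = []

    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comments
        key = line.strip()
        if not key or key.startswith("#"):
            continue
        ind = len(line) - len(line.lstrip(" "))
        if ind == 0:                                  # top-level key
            in_jobs = key.startswith("jobs:")
            workflow_perms = workflow_perms or key.startswith("permissions:")
            current = None
            continue
        if not in_jobs:
            continue
        if job_indent is None:
            job_indent = ind                          # first key under `jobs:`
        if ind == job_indent and key.endswith(":"):   # a new job starts here
            current, key_indent = key[:-1], None
            jobs[current] = False
            continue
        if current is None or ind <= job_indent:
            continue
        if key_indent is None:
            key_indent = ind                          # first key inside the job
        if ind == key_indent and key.startswith("permissions:"):
            jobs[current] = True
        m = USES_RE.match(line)
        if m:
            action, major = m.group(1), int(m.group(2))
            need = MIN_MAJOR.get(action)
            if need is not None and major < need:
                stale.append((current, action, major, need))

    missing = [] if workflow_perms else [j for j, ok in jobs.items() if not ok]
    return missing, stale


if __name__ == "__main__":
    missing, stale = audit_workflow(SAMPLE_WORKFLOW)
    for job in missing:
        print(f"{job}: no permissions block (job or workflow level)")
    for job, action, major, need in stale:
        print(f"{job}: {action}@v{major} is below required v{need}")
```

    Adding a workflow-level `permissions:` block to the sample clears the first list, which is the single-default layout least privilege usually favours over per-job copies.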
