[CI] update .gitignore and upgrade actions/checkout to v5 in workflows

[yairsimantov20]

PR Type

Other

---

Description

• Upgrade actions/checkout from v4 to v5 across all workflows

• Update 22 GitHub Actions workflow files

---

Diagram Walkthrough

flowchart LR
  A["GitHub Workflows"] -- "upgrade" --> B["actions/checkout@v5"]
  A -- "from" --> C["actions/checkout@v4"]

Loading

File Walkthrough

Relevant files

Dependencies

20 files apply-release.yml Upgrade checkout action to v5                                                        +1/-1      build-infra-images.yml Upgrade checkout action to v5                                                        +1/-1      ci.yml Upgrade checkout action to v5                                                        +2/-2      claude-generic.yml Upgrade checkout action to v5                                                        +1/-1      claude-tag.yml Upgrade checkout action to v5                                                        +1/-1      core-test.yml Upgrade checkout action to v5                                                        +1/-1      create-new-sonarcloud-project.yml Upgrade checkout action to v5                                                        +1/-1      detect-changes-matrix.yml Upgrade checkout action to v5                                                        +1/-1      docker-images-security-scan.yml Upgrade checkout action to v5                                                        +2/-2      integrations-test.yml Upgrade checkout action to v5                                                        +1/-1      lint.yml Upgrade checkout action to v5                                                        +1/-1      perf-test.yml Upgrade checkout action to v5                                                        +1/-1      release-framework.yml Upgrade checkout action to v5                                                        +1/-1      release-integrations.yml Upgrade checkout action to v5                                                        +3/-3      sonarcloud-framework.yml Upgrade checkout action to v5                                                        +1/-1      sonarcloud-integrations.yml Upgrade checkout action to v5                                                        +2/-2      trigger-doc-sync.yml Upgrade checkout action to v5                                                        +1/-1      upgrade-integrations.yml Upgrade checkout action to v5                                                        +1/-1      validate-integration-files.yml Upgrade checkout action to v5                                                        +1/-1      verify-docs-build.yml Upgrade checkout action to v5                                                        +1/-1

---

[Copilot]

Pull Request Overview

This PR updates GitHub Actions workflow configurations to use the latest version of the actions/checkout action, upgrading from v4 to v5 across all workflow files.

• Systematic upgrade of actions/checkout from v4 to v5 across all workflow files
• Maintains existing configuration options like fetch-depth, persist-credentials, etc.
• No functional changes to workflow behavior, only version bumps

Reviewed Changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
.github/workflows/verify-docs-build.yml	Updated checkout action to v5
.github/workflows/validate-integration-files.yml	Updated checkout action to v5
.github/workflows/upgrade-integrations.yml	Updated checkout action to v5
.github/workflows/trigger-doc-sync.yml	Updated checkout action to v5
.github/workflows/sonarcloud-integrations.yml	Updated checkout action to v5 (2 instances)
.github/workflows/sonarcloud-framework.yml	Updated checkout action to v5
.github/workflows/release-integrations.yml	Updated checkout action to v5 (3 instances)
.github/workflows/release-framework.yml	Updated checkout action to v5
.github/workflows/perf-test.yml	Updated checkout action to v5
.github/workflows/lint.yml	Updated checkout action to v5
.github/workflows/integrations-test.yml	Updated checkout action to v5
.github/workflows/docker-images-security-scan.yml	Updated checkout action to v5 (2 instances)
.github/workflows/detect-changes-matrix.yml	Updated checkout action to v5
.github/workflows/create-new-sonarcloud-project.yml	Updated checkout action to v5
.github/workflows/core-test.yml	Updated checkout action to v5
.github/workflows/claude-tag.yml	Updated checkout action to v5
.github/workflows/claude-generic.yml	Updated checkout action to v5
.github/workflows/ci.yml	Updated checkout action to v5 (2 instances)
.github/workflows/build-infra-images.yml	Updated checkout action to v5
.github/workflows/apply-release.yml	Updated checkout action to v5

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[qodo-merge-pro]

You are nearing your monthly Qodo Merge usage quota. For more information, please visit here.

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Permissions Check Verify that upgrading to actions/checkout@v5 does not require any changes to the job permissions (contents/pull-requests write) or the use of GITHUB_TOKEN/GH_TOKEN in this workflow, as v5 has stricter defaults and could affect checkout/auth behaviors. - name: Checkout code uses: actions/checkout@v5 Shallow Clone Setting Ensure fetch-depth: 0 remains effective with actions/checkout@v5 for Sonar analysis; validate that commit history is available and analysis still correlates properly. - uses: actions/checkout@v5 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis Fetch Depth Requirement This workflow relies on changed files; confirm that fetch-depth: 0 with checkout v5 provides the full history needed for accurate diffing in subsequent steps. - name: Checkout repository uses: actions/checkout@v5 with: fetch-depth: 0

[qodo-merge-pro]

You are nearing your monthly Qodo Merge usage quota. For more information, please visit here.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	Verify breaking changes in v5 actions/checkout@v5 introduces breaking changes (Node.js 20 runtime, subtle behavior changes around fetch-depth, submodules, and SSH auth). Audit all workflows that rely on shallow clones, submodules, or git metadata (e.g., SonarCloud scans, release/version extraction) and explicitly set inputs like fetch-depth, persist-credentials, and submodules to preserve prior behavior. Add a quick end-to-end validation on representative jobs (matrix builds, release, SonarCloud) to ensure no regressions from the runtime and API changes. Examples: .github/workflows/ci.yml [13] uses: actions/checkout@v5 .github/workflows/sonarcloud-framework.yml [15-17] - uses: actions/checkout@v5 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis Solution Walkthrough: Before: # In .github/workflows/ci.yml jobs: prepare-matrix: steps: - name: Check out code uses: actions/checkout@v5 # Implicitly relies on default fetch-depth, which is 1. # This behavior might change or have subtle differences in new major versions. After: # In .github/workflows/ci.yml jobs: prepare-matrix: steps: - name: Check out code uses: actions/checkout@v5 with: # Explicitly set parameters to ensure consistent behavior # and prevent regressions from the v4 -> v5 upgrade. fetch-depth: 1 Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies the significant risk of breaking changes in a major version upgrade of the critical actions/checkout action, which could impact all CI workflows.	High
More

[nivm-port]

LGTM