CI: actions checkout update to V5

[luojiyin1987]

@FreeCodeCamp-Chengdu/team-1 I create a Pull Request to close #issue_number

Summary by CodeRabbit

• Chores
  • Upgraded CI pipelines to use the latest checkout action (v5) for improved security, performance, and compatibility.
  • Applied across build, lint/formatting, data fetch, and content save workflows to standardize environments.
  • Enhances reliability of automation and reduces maintenance overhead.
  • No changes to application functionality or UI; end users should not notice any behavioral differences.

[coderabbitai]

Walkthrough

All modified GitHub Actions workflows update actions/checkout from v4 to v5. In main.yml, two checkout steps were updated; in the other workflows, a single checkout step was updated. No other workflow logic or configuration changed.

Changes

Cohort / File(s)	Summary of Changes
Workflows: Bump actions/checkout to v5 .github/workflows/fetch-Web.yml, .github/workflows/formatter.yml, .github/workflows/main.yml, .github/workflows/save-activity.yml, .github/workflows/save-article.yml	Replaced actions/checkout@v4 with actions/checkout@v5. In main.yml, both “Checkout Data repository” and “Checkout Program repository” steps updated. No other edits.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

I twitch my whiskers, hop with cheer,
A tidy bump, from four to five—so clear.
Pipelines purr, the checks all flow,
Commit dust sparkles—off we go! ✨
Carrot in paw, I stamp “LGTM”—let’s roll! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The PR description includes the repository template line but leaves the placeholder '#issue_number' unfilled and otherwise consists mainly of badge links without a brief summary of the change, testing steps, or an actual issue reference, so it does not fully satisfy the template's intent.	Replace '#issue_number' with the actual issue number (or remove the close directive if none), and add a short summary of the changes and any relevant testing or deployment notes so the description meets the repository template and aids reviewers.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly summarizes the primary change — updating the CI workflows to use actions/checkout@v5 — and directly matches the changes described in the provided raw_summary, making it clear and appropriate for reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

.github/workflows/save-activity.yml (1)

16-16: Upgrade looks good; please pin checkout to a commit SHA (security) and confirm runner compatibility.

• actions/checkout v5 runs on Node 24 and requires Actions Runner v2.327.1+. Hosted runners are fine; verify if any self‑hosted runners are used. (github.com)
• Pin to the v5 release commit to mitigate tag‑hijack risks.

Apply:

-            - uses: actions/checkout@v5
+            - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

.github/workflows/save-article.yml (1)

16-16: Same here: pin actions/checkout to the v5 commit and verify runner version.

• v5 → Node 24; needs runner v2.327.1+. (github.com)
• Pin to the release commit for supply‑chain safety.

-            - uses: actions/checkout@v5
+            - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

.github/workflows/formatter.yml (1)

10-10: Pin checkout to a specific v5 commit.

• Prevents executing a moved/malicious tag; v5 commit is 08c6903… (v5.0.0). (github.com)

-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

.github/workflows/fetch-Web.yml (1)

14-14: Pin checkout and confirm runner meets v5 requirement.

• v5 requires Actions Runner v2.327.1+; pin to the v5 commit. (github.com)

-            - uses: actions/checkout@v5
+            - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

.github/workflows/main.yml (1)

11-11: Good upgrade; pin to SHA and double‑check external repo access.

• Pin both checkout steps to the v5 commit for supply‑chain safety. (github.com)
• If “Program repository” is private, pass a PAT via the token input; GITHUB_TOKEN is scoped to the current repo. (github.com)
• v5 requires runner v2.327.1+ (okay on hosted). (github.com)

-              uses: actions/checkout@v5
+              uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
@@
-              uses: actions/checkout@v5
+              uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

If the Program repo is private:

- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
  with:
    repository: ${{ secrets.GIT_URI }} # must be "owner/repo"
    token: ${{ secrets.PERSONAL_TOKEN }}
    ref: hexo
    path: super/

Also applies to: 15-15

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eb88330 and 28bbb66.

📒 Files selected for processing (5)

• .github/workflows/fetch-Web.yml (1 hunks)
• .github/workflows/formatter.yml (1 hunks)
• .github/workflows/main.yml (1 hunks)
• .github/workflows/save-activity.yml (1 hunks)
• .github/workflows/save-article.yml (1 hunks)