Skip to content

Bump docker/metadata-action from 5.10.0 to 6.0.0#68

Merged
docktermj merged 2 commits intomainfrom
dependabot/github_actions/docker/metadata-action-6.0.0
Mar 30, 2026
Merged

Bump docker/metadata-action from 5.10.0 to 6.0.0#68
docktermj merged 2 commits intomainfrom
dependabot/github_actions/docker/metadata-action-6.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 27, 2026
edited by github-actions bot
Loading

Bumps docker/metadata-action from 5.10.0 to 6.0.0.

Release notes

Sourced from docker/metadata-action's releases.

v6.0.0

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

Commits
  • 030e881 Merge pull request #607 from crazy-max/allow-comments
  • 4b529ac chore: update generated content
  • b0082b3 preserve comments in list input values with commentNoInfix
  • 7b19fec Merge pull request #604 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 281c9b0 chore: update generated content
  • 5f43b3b test: stabilize github mock setup since ESM
  • 9d53276 github class moved since actions-toolkit v0.77.0
  • eaa3d39 chore(deps): Bump @​docker/actions-toolkit from 0.68.0 to 0.77.0
  • 6b695f7 Merge pull request #605 from crazy-max/node24
  • a1afadc node 24 as default runtime
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #607
Resolves #604
Resolves #605
Resolves docker/metadata-action#605
Resolves docker/metadata-action#607
Resolves docker/metadata-action#602
Resolves docker/metadata-action#588
Resolves docker/metadata-action#599
Resolves docker/metadata-action#597
Resolves docker/metadata-action#604
Resolves docker/metadata-action#600
Resolves docker/metadata-action#603

@dependabot
Bump docker/metadata-action from 5.10.0 to 6.0.0
f11402f 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.10.0 to 6.0.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@v5.10.0...v6.0.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner March 27, 2026 15:05
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 27, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

🤖 Claude Code Review

Here is the code review for this PR:

Code Review: Bump docker/metadata-action from v5.10.0 to v6.0.0

Code Quality

  • Style guide: The change is a simple version bump in a YAML action file. No style violations.
  • No commented-out code: None present.
  • Meaningful variable names: N/A — no new variables introduced.
  • DRY principle: The same version is updated consistently in both occurrences (docker_meta_dockerhub at line 140 and docker_meta_ecr at line 149).
  • ⚠️ Defects / edge cases: This is a major version bump (v5 → v6) for docker/metadata-action. Major version bumps can introduce breaking changes. The PR does not include any notes on compatibility with the rest of the action (e.g., output variable names, tag format behavior). It's worth verifying the v6 changelog to confirm no breaking changes affect the type=semver or type=sha tag patterns used here, or the downstream steps.docker_meta_*.outputs.* references consumed later in the workflow.
  • CLAUDE.md: The project CLAUDE.md (build-resources/.claude/CLAUDE.md) is general, not environment-specific. No issues.

Testing

  • Unit/integration tests: No test files are expected for a GitHub Action version bump.
  • Edge cases: N/A for a dependency bump.
  • Test coverage: N/A.

Documentation

  • README: No README changes needed for a dependency bump.
  • API docs: N/A.
  • Inline comments: N/A.
  • CHANGELOG.md not updated: The CHANGELOG.md has not been updated to reflect this dependency bump. Per Senzing standards, all notable changes should be documented. The last entry is from 2023-12-06. This dependency upgrade should be added.

Security

  • No hardcoded credentials: None present.
  • Input validation: N/A.
  • Error handling: N/A.
  • No sensitive data in logs: N/A.
  • No .lic files or AQAAAD strings: None found.

Summary

Category Status
Code Quality ✅ (with note on major version bump)
Testing
Documentation ❌ CHANGELOG not updated
Security

Action required:

  1. CHANGELOG.md — Add an entry for this dependency bump (e.g., under a new [Unreleased] or versioned section).
  2. Verify breaking changes — Confirm docker/metadata-action v6.0.0 is backward-compatible with the type=semver, type=sha tag configurations and any downstream output references in action.yaml.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 30, 2026

🤖 Claude Code Review

PR Code Review

Change Summary: Bumps docker/metadata-action from v5.10.0 to v6.0.0 in two steps of action.yaml.

Code Quality

Style guide — Simple version bump in YAML; no style violations.

No commented-out code — None present in the diff.

Meaningful variable names — N/A for this change.

DRY principle — Both occurrences of docker/metadata-action are updated consistently.

⚠️ Defects / Edge Cases — This is a major version bump (v5 → v6). Major versions can introduce breaking changes. The outputs used downstream (annotations at action.yaml:160, tags at action.yaml:195 and action.yaml:205) should be verified as compatible with v6. No evidence of a compatibility check in this PR.

CLAUDE.mdbuild-resources/.claude/CLAUDE.md is general-purpose and appropriate for any developer. No local-environment-specific content found.

Testing

Unit/integration tests — Not applicable for a GitHub Action dependency version bump.

Documentation

README — No update needed for a dependency bump.

Inline comments — N/A.

CHANGELOG.md not updatedCHANGELOG.md has not been updated to reflect this dependency upgrade. Per Senzing standards, all changes should be documented. The most recent entry is [1.1.0] - 2023-12-06, which is stale and does not reflect this or other recent bumps (e.g., docker/build-push-action@v7, docker/setup-buildx-action@v4).

Security

No hardcoded credentials — None present.

Input validation — Unchanged; existing path validation remains intact.

Error handling — Unchanged.

No sensitive data in logs — N/A.

No .lic files or AQAAAD strings — None found.

Summary

Severity Issue
⚠️ Medium Major version bump (v5→v6) for docker/metadata-action — verify output compatibility (annotations, tags) before merging
❌ Low CHANGELOG.md not updated

The change is minimal and low-risk, but the major version jump warrants a quick check of the docker/metadata-action v6 release notes to confirm no breaking changes affect outputs.annotations or outputs.tags.

Automated code review analyzing defects and coding standards

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 30, 2026

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@docktermj docktermj merged commit d1e4158 into main Mar 30, 2026
21 checks passed
@docktermj docktermj deleted the dependabot/github_actions/docker/metadata-action-6.0.0 branch March 30, 2026 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

@kernelsam kernelsam

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@docktermj @kernelsam @senzingdevops