From f345bd785e5bbd08b4741eecd1e359c1862dc481 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 7 Mar 2026 07:12:24 +0000
Subject: [PATCH] Bump the github-actions group across 1 directory with 3
 updates

Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg).


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

Updates `actions/create-github-app-token` from 2.0.2 to 2.2.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.2...v2.2.1)

Updates `crazy-max/ghaction-import-gpg` from 6 to 7
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/copier.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/copier.yaml b/.github/workflows/copier.yaml
index c942357..038edd3 100644
--- a/.github/workflows/copier.yaml
+++ b/.github/workflows/copier.yaml
@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: Checkout actions-template
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: actions-template
 
@@ -50,7 +50,7 @@ jobs:
 
       # Needed for signing commits using Github App tokens
       # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
-      - uses: actions/create-github-app-token@v2.0.2
+      - uses: actions/create-github-app-token@v2.2.1
         id: generate-token
         with:
           app-id: ${{ vars.CSM_RELEASE_APP_ID }}
@@ -66,7 +66,7 @@ jobs:
           git config --global user.name '${{ steps.generate-token.outputs.app-slug }}[bot]'
 
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@v7
         with:
           gpg_private_key: ${{ secrets.CSM_GPG_PRIVATE_KEY }}
           git_user_signingkey: true