deps: Update actions/github-script action to v9

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/github-script	action	major	v7 → v9

---

Release Notes

actions/github-script (actions/github-script)

v9.0.0

Compare Source

New features:

• getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
• Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

• require('@​actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@​actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@​actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
• getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
• If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

• Add ACTIONS_ORCHESTRATION_ID to user-agent string by @​Copilot in #​695
• ci: use deployment: false for integration test environments by @​salmanmkc in #​712
• feat!: add getOctokit to script context, upgrade @​actions/github v9, @​octokit/core v7, and related packages by @​salmanmkc in #​700

New Contributors

• @​Copilot made their first contribution in #​695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

v9

Compare Source

v8.0.0

Compare Source

v8: .0.0

Compare Source

What's Changed

• Update Node.js version support to 24.x by @​salmanmkc in #​637
• README for updating actions/github-script from v7 to v8 by @​sneha-krip in #​653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

• @​salmanmkc made their first contribution in #​637
• @​sneha-krip made their first contribution in #​653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

Compare Source

What's Changed

• Upgrade husky to v9 by @​benelan in #​482
• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​485
• Upgrade IA Publish by @​Jcambass in #​486
• Fix workflow status badges by @​joshmgross in #​497
• Update usage of actions/upload-artifact by @​joshmgross in #​512
• Clear up package name confusion by @​joshmgross in #​514
• Update dependencies with npm audit fix by @​joshmgross in #​515
• Specify that the used script is JavaScript by @​timotk in #​478
• chore: Add Dependabot for NPM and Actions by @​nschonni in #​472
• Define permissions in workflows and update actions by @​joshmgross in #​531
• chore: Add Dependabot for .github/actions/install-dependencies by @​nschonni in #​532
• chore: Remove .vscode settings by @​nschonni in #​533
• ci: Use github/setup-licensed by @​nschonni in #​473
• make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @​iamstarkov in #​508
• Remove octokit README updates for v7 by @​joshmgross in #​557
• docs: add "exec" usage examples by @​neilime in #​546
• Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @​dependabot[bot] in #​563
• Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @​dependabot[bot] in #​575
• Clearly document passing inputs to the script by @​joshmgross in #​603
• Update README.md by @​nebuk89 in #​610

New Contributors

• @​benelan made their first contribution in #​482
• @​Jcambass made their first contribution in #​485
• @​timotk made their first contribution in #​478
• @​iamstarkov made their first contribution in #​508
• @​neilime made their first contribution in #​546
• @​nebuk89 made their first contribution in #​610

Full Changelog: actions/github-script@v7...v7.1.0

v7.0.1

Compare Source

What's Changed

• Avoid setting baseUrl to undefined when input is not provided by @​joshmgross in #​439

Full Changelog: actions/github-script@v7.0.0...v7.0.1

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes.}

[codacy-production]

Pull Request Overview

This PR updates the actions/github-script action to version 9. This is a major version bump that transitions the execution environment to Node 24 and introduces internal changes to Octokit and dependency loading.

While Codacy reports that the PR is up to standards and no immediate logic errors were found in the workflow script, the update introduces a potential dependency on specific GitHub Runner versions (v2.327.1+) and changes to how the github global behaves. Verification is required to ensure the GraphQL queries and injected globals remain functional under the new version.

About this PR

• The actions/github-script v9 update requires a minimum GitHub Runner version of v2.327.1. If this repository uses self-hosted runners or specific pinned versions, please verify they meet this requirement before merging.

Test suggestions

• Verify that the 'Triage Bot' workflow executes successfully using the injected github and core globals in v9.
• Ensure the github.graphql call functions correctly with the updated Octokit instance provided by the v9 action.

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify that the 'Triage Bot' workflow executes successfully using the injected `github` and `core` globals in v9.
2. Ensure the `github.graphql` call functions correctly with the updated Octokit instance provided by the v9 action.

Low confidence findings

• Verify the workflow in a live run to ensure the injected github global and github.graphql queries function correctly with the updated Octokit instance provided in v9.

_{TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback}

[github-actions]

@coderabbitai autofix