.github: Bump actions/github-script from 8.0.0 to 9.0.0 (#508580)

.github/workflows/backport.yml

@@ -72,7 +72,7 @@ jobs:
 
       - name: "Add 'has: port to stable' label"
         if: steps.backport.outputs.created_pull_numbers != ''
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           # Not using the app on purpose to avoid triggering another workflow run after adding this label.
           script: |

.github/workflows/bot.yml

@@ -74,7 +74,7 @@ jobs:
         run: gh api /rate_limit | jq
 
       - name: Run bot
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           github-token: ${{ steps.app-token.outputs.token || github.token }}
           retries: 3

.github/workflows/check.yml

@@ -52,7 +52,7 @@ jobs:
 
       - name: Check commits
         id: check
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           TARGETS_STABLE: ${{ fromJSON(inputs.baseBranch).stable && !contains(fromJSON(inputs.headBranch).type, 'development') }}
         with:

.github/workflows/comment.yml

@@ -38,7 +38,7 @@ jobs:
           private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
           permission-pull-requests: write
 
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           github-token: ${{ steps.app-token.outputs.token || github.token }}
           retries: 3

.github/workflows/edited.yml

@@ -43,7 +43,7 @@ jobs:
           private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
           permission-pull-requests: write
 
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           github-token: ${{ steps.app-token.outputs.token }}
           script: |

.github/workflows/eval.yml

@@ -61,7 +61,7 @@ jobs:
 
       - name: Find commit that touched ci/pinned.json
         id: find-pinned-commit
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           TARGET_SHA: ${{ inputs.targetSha }}
           HEAD_SHA: ${{ inputs.headSha }}
@@ -307,7 +307,7 @@ jobs:
 
       - name: Add eval summary to commit statuses
         if: ${{ github.event_name == 'pull_request_target' }}
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           script: |
             const { readFile } = require('node:fs/promises')
@@ -337,7 +337,7 @@ jobs:
             })
       - name: Request changes if PR is against an inappropriate branch
         if: ${{ github.event_name == 'pull_request_target' }}
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           script: |
             require('./nixpkgs/trusted/ci/github-script/check-target-branch.js')({
@@ -359,7 +359,7 @@ jobs:
           path: versions
 
       - name: Add version comparison table to job summary
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           ARTIFACT_PREFIX: ${{ inputs.artifact-prefix }}
           SYSTEMS: ${{ inputs.systems }}

.github/workflows/lint.yml

@@ -139,7 +139,7 @@ jobs:
           persist-credentials: true # Needed to run git fetch for large PRs.
           path: trusted
       - name: Check commit messages
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           script: |
             const checkCommitMessages = require('./trusted/ci/github-script/lint-commits.js')

.github/workflows/merge-group.yml

@@ -32,7 +32,7 @@ jobs:
             ci/github-script/supportedSystems.js
 
       - id: prepare
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           MERGED_SHA: ${{ inputs.mergedSha }}
           TARGET_SHA: ${{ inputs.targetSha }}
@@ -125,7 +125,7 @@ jobs:
     permissions:
       statuses: write # creating 'no PR failures' commit status
     steps:
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           RESULTS: ${{ toJSON(needs.*.result) }}
         with:

.github/workflows/pull-request-target.yml

@@ -37,7 +37,7 @@ jobs:
           sparse-checkout: |
             ci/github-script
       - id: prepare
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           retries: 10
           # The default for this includes code 422, which happens regularly for us when comparing commits:
@@ -126,7 +126,7 @@ jobs:
     permissions:
       statuses: write
     steps:
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           RESULTS: ${{ toJSON(needs.*.result) }}
         with:

.github/workflows/review.yml

@@ -35,7 +35,7 @@ jobs:
           private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
           permission-pull-requests: write
 
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           github-token: ${{ steps.app-token.outputs.token || github.token }}
           retries: 3

.github/workflows/teams.yml

@@ -41,7 +41,7 @@ jobs:
         run: npm install bottleneck@2.19.5
 
       - name: Synchronise teams
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           github-token: ${{ steps.app-token.outputs.token }}
           script: |

.github/workflows/test.yml

@@ -26,7 +26,7 @@ jobs:
           sparse-checkout: |
             ci/github-script
       - id: prepare
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           retries: 10
           # The default for this includes code 422, which happens regularly for us when comparing commits:
@@ -45,7 +45,7 @@ jobs:
 
       - name: Determine changed files
         id: files
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           script: |
             const files = (await github.paginate(github.rest.pulls.listFiles, {