ci: future-proof action versions + stop no-op .github redeploys#22
Conversation
Future-proofing ahead of the 2026-06-16 Node 20 forced migration: bump all CI actions to their latest Node-24 majors -- checkout v4->v6, setup-python v5->v6, setup-buildx v3->v4, login v3->v4, build-push v6->v7. Also add ^\.github/ to the 'changes' filter so workflow/CI-config-only pushes skip the image build + Pi redeploy, consistent with the existing .md/.claude exclusions (all are baked into the image via 'COPY . .' but are inert at runtime). Mixed pushes that also touch real code still build, so no redeploy that changes runtime behavior is suppressed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Review: ci: future-proof action versions + stop no-op .github redeploysFilter logic — correct and safe. The regex Action versions — Security — SHA pinning (pre-existing, good time to fix): every action uses a mutable version tag ( Minor / pre-existing: the |
Our ci.yml change added ^\.github/ to the 'changes' gate, so update the CLAUDE.md + README descriptions of the docs-only skip to include .github/ (CI-config-only pushes now skip publish/redeploy too). Also add a CLAUDE.md note documenting the new claude-review.yml auto-review workflow: CLAUDE_CODE_OAUTH_TOKEN auth, comments-only, and the merge-first caveat for workflow edits. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Review: ci: future-proof action versions + stop no-op .github redeploys Clean CI hygiene PR. The action version bumps address the 2026-06-16 Node 20 forced migration and the |
Add 'if: !github.event.pull_request.draft' to the review job so draft PRs don't spend Pro usage on WIP; add 'ready_for_review' to the triggers so a review fires when a draft is marked ready (opened/synchronize already ran while it was a draft and were skipped). Docs: note drafts are skipped, and sharpen the 'fails its own review' explanation to attribute it to the action's backend workflow-validation (401), since a reviewer misread the prior wording as a GitHub execution-model claim. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Two bits of CI hygiene you asked for.
1. Future-proof action versions (Node 20 → 24)
All five CI actions are flagged for the 2026-06-16 Node 20 forced migration. Bumped to latest Node-24 majors:
2. Skip redeploys for
.github/-only pushesAdd
^\.github/to thechangesfilter. Why it's safe (your concern): it only suppresses the build when every changed file is under.md/.claude//.github/— all inert at runtime (baked in viaCOPY . .but never read by the app), exactly like the.mdexclusion you already rely on. Any push that also touches real code (src, Dockerfiles, requirements, scripts, compose) still builds and deploys. No runtime-affecting change is ever suppressed.Notes
.github/-only diff. Clean.test/auditexercise thecheckout/setup-pythonbumps directly. The docker-action bumps live inpublish, which only runs on a real deploy — so they're first exercised on your next code-change merge (low risk: these majors are the official Node-24 releases). Rollback is a one-line revert.claude-review.yml) — first non-throwaway run.🤖 Generated with Claude Code