ci: bump pinned actions to Node 24 runtimes#47
Merged
Conversation
GitHub is deprecating the Node 20 runtime; the SHA-pinned actions still target it and are being force-run on Node 24. Re-pin each to the lowest Node 24-native major (newest patch), keeping SHA pins with version comments: - actions/checkout v4.3.1 -> v5.0.1 - actions/setup-node v4.4.0 -> v5.0.0 - actions/setup-go v5.6.0 -> v6.5.0 - actions/upload-artifact v4.6.2 -> v5.0.0 - actions/download-artifact v4.3.0 -> v5.0.0 - softprops/action-gh-release v2.6.2 -> v3.0.1 (v2's latest still on Node 20) Verified the target versions keep every input the workflows use (merge-multiple, retention-days, target_commitish, make_latest, files).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GitHub is deprecating the Node 20 runtime on Actions runners. Our SHA-pinned actions still target Node 20 and were being force-run on Node 24 during the v0.2.25 release (non-fatal warnings). This re-pins each to the lowest Node 24–native major (newest patch in that major), keeping SHA pins + version comments.
action-gh-releasegoes to v3 because v2's latest (v2.6.2) is still on Node 20.Compatibility check
release.ymlruns only onworkflow_dispatch, so PR CI does not exercise its artifact/publish flow. I verified against each target version'saction.ymlthat every input the workflows use still exists:path,merge-multiplename,path,retention-daystag_name,name,target_commitish,make_latest,filesDiff is
uses:-lines only; both workflows still parse as valid YAML. Theci.ymlchecks validate the non-release jobs here; the release path is unchanged in behavior and will be exercised on the nextrelease.ymldispatch.