From efe70930b532b02af6b8c3827be8c3a57c674464 Mon Sep 17 00:00:00 2001 From: Mateus Andrade <133387879+protonspy@users.noreply.github.com> Date: Mon, 6 Jul 2026 20:30:33 -0300 Subject: [PATCH] ci: bump pinned actions to Node 24 runtimes GitHub is deprecating the Node 20 runtime; the SHA-pinned actions still target it and are being force-run on Node 24. Re-pin each to the lowest Node 24-native major (newest patch), keeping SHA pins with version comments: - actions/checkout v4.3.1 -> v5.0.1 - actions/setup-node v4.4.0 -> v5.0.0 - actions/setup-go v5.6.0 -> v6.5.0 - actions/upload-artifact v4.6.2 -> v5.0.0 - actions/download-artifact v4.3.0 -> v5.0.0 - softprops/action-gh-release v2.6.2 -> v3.0.1 (v2's latest still on Node 20) Verified the target versions keep every input the workflows use (merge-multiple, retention-days, target_commitish, make_latest, files). --- .github/workflows/ci.yml | 16 ++++++++-------- .github/workflows/release.yml | 18 +++++++++--------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 610e546..cd1a0dc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,9 +28,9 @@ jobs: os: [ubuntu-latest, windows-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: # Build/test with a current, patched toolchain even though go.mod keeps # its language directive at 1.22 for install-compatibility. Do NOT switch @@ -66,9 +66,9 @@ jobs: # flag on every file). runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: '1.25' cache: true @@ -100,9 +100,9 @@ jobs: name: web dashboard (build) runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: '22' cache: npm @@ -124,12 +124,12 @@ jobs: run: working-directory: mcp-server steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 # Node 24: the unit tests are TypeScript run through node:test with native # type stripping (Node >= 22.18). The published package ships compiled JS # (dist/) and still supports Node >= 18 — see package.json "engines". - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: '24' cache: npm diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b593d8d..d2f0570 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,16 +63,16 @@ jobs: - { goos: windows, goarch: amd64 } - { goos: windows, goarch: arm64 } steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: # Ship binaries built with a current, patched toolchain (go.mod stays at # 1.22 for install-compatibility — do NOT switch to go-version-file). go-version: '1.25' cache: true - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: '22' cache: npm @@ -108,7 +108,7 @@ jobs: fi rm -f "${bin}" - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: csdd-${{ matrix.goos }}-${{ matrix.goarch }} path: dist/* @@ -125,9 +125,9 @@ jobs: contents: read id-token: write # required for npm --provenance attestation steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' @@ -137,7 +137,7 @@ jobs: - name: Upgrade npm run: npm install -g npm@11 - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: path: artifacts merge-multiple: true @@ -194,7 +194,7 @@ jobs: permissions: contents: write steps: - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: path: dist merge-multiple: true @@ -203,7 +203,7 @@ jobs: run: cd dist && sha256sum * | tee checksums.txt - name: Create tag + release - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: tag_name: ${{ inputs.version }} name: ${{ inputs.version }}