Skip to content

ci: bump GitHub Actions to Node-24 majors#5

Closed
Patrick Miller (MillerPatrick214) wants to merge 1 commit into
mainfrom
ci-bump-node24-actions
Closed

ci: bump GitHub Actions to Node-24 majors#5
Patrick Miller (MillerPatrick214) wants to merge 1 commit into
mainfrom
ci-bump-node24-actions

Conversation

@MillerPatrick214

@MillerPatrick214 Patrick Miller (MillerPatrick214) commented Jun 9, 2026

Copy link
Copy Markdown
Collaborator

What

GitHub forces Node-20 JS actions onto Node 24 starting 2026-06-16 (Node 20 removed from runners 2026-09-16). This bumps this repo's inline workflow jobs to the Node-24 action majors.

Changes

  • actions/checkout v4 → v5
  • actions/setup-node v4 → v5 (where present)
  • google-github-actions/auth v2 → v3 (where present)
  • google-github-actions/setup-gcloud v2 → v3 (where present)

Safety

  • auth v3 removed only backoff/backoff_limit/retries (unused here); keeps credentials_json/workload_identity_provider/service_account/project_id.
  • setup-gcloud v3 dropped skip_tool_cache (unused).
  • All confirmed using: node24.

Part of the org-wide Node-24 sweep — reusable workflows in surmado/.github#11.

🤖 Generated with Claude Code

@MillerPatrick214 @claude
ci: bump GitHub Actions to Node-24 majors
4a8aebe 
GitHub forces Node-20 JS actions to Node 24 on 2026-06-16. Bump inline workflow jobs: actions/checkout v4->v5, actions/setup-node v4->v5, google-github-actions/auth v2->v3, google-github-actions/setup-gcloud v2->v3 (only versions present here change).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@terry-davis-divine-intellect

terry-davis-divine-intellect Bot commented Jun 9, 2026

Copy link
Copy Markdown

Automated Checks (advisory, non-blocking)

✅ All checks passed.

Standards Compliance

The actual actions/checkout@v5 bump is fine, but the touched workflow still shows a Python CI setup that does not match the repo standard:

- name: Set up Python ${{ matrix.python-version }}
  uses: actions/setup-python@v5

Surmado’s Python CI standard says to use astral-sh/setup-uv@v5, not actions/setup-python, with installs/run commands going through uv. Since this PR already edits .github/workflows/ci.yml, it leaves the file in a standards-mismatched state. Risk is mostly consistency/reproducibility: the workflow keeps diverging from the org’s canonical uv-managed setup.

Internal Docs Alignment

No contradiction with the supplied internal docs on the Node-24 migration itself — bumping actions/checkout to v5 is aligned with the org-wide sweep described in the PR. The only visible gap is the standards-level CI mismatch above.

Summary

This PR updates .github/workflows/ci.yml to use actions/checkout@v5 for Node-24 compatibility. It only touches CI bootstrap, so application/runtime blast radius is low, but the workflow still appears to be using the older non-uv Python setup path.
Reviewer: most of the risk is in the CI bootstrap steps in .github/workflows/ci.yml — especially the remaining setup-python usage and whether any other JS actions in the workflow still need Node-24 major bumps.

What to pay attention to

  • Python workflow bootstrap: the file is being touched, so this is the natural place to check whether the repo should be brought onto the standard setup-uv pattern now.
  • Scope of the Node-24 sweep: the PR description mentions several action major bumps, but the visible diff only updates actions/checkout. Worth confirming there aren’t other Node-20 JS actions still present elsewhere in this workflow.

Things I noticed

🔴 Red flags — fix before merge:

  • .github/workflows/ci.yml remains out of compliance with the repo’s Python CI standard: 
    - name: Set up Python ${{ matrix.python-version }}
  uses: actions/setup-python@v5
    The standard requires astral-sh/setup-uv@v5 for Python repos/workflows. This wasn’t introduced by the one-line change, but it is still present in the file being modified.

🟡 Yellow flags — consider for this PR or a follow-up:

  • The PR body describes a broader Node-24 action sweep, but the diff shown here only changes actions/checkout. If that’s intentional, fine; if not, reviewers should verify no other JS actions were missed.

Good patterns

  • Nice low-blast-radius change: this is a narrowly scoped CI maintenance update.
  • The PR description gives clear migration rationale and dates, which makes the intent easy to validate.

Suggested improvements

  1. Update this workflow to the repo’s standard Python CI bootstrap while the file is already open: 
    - uses: astral-sh/setup-uv@v5
- run: uv sync --locked
  2. If more actions were audited than are visible in this diff, call out the exact workflow steps reviewed so the human reviewer can confirm Node-24 coverage quickly.

Questions for the author

  • Is this repo intentionally exempt from the astral-sh/setup-uv@v5 Python CI standard, or should this workflow be updated in the same PR?
  • Were there no other Node-20 JavaScript actions in this workflow besides actions/checkout, or is the rest of the sweep happening in separate PRs?

SCOUT-REVIEW (v3-rag-gpt5) — RAG-enhanced internal review. Automated — not a substitute for human judgment.

@MillerPatrick214

Patrick Miller (MillerPatrick214) commented Jun 9, 2026

Copy link
Copy Markdown
Collaborator Author

Closing — out of scope for now; not landing the per-repo Node-24 bump. (Shared reusable CI is handled in surmado/.github#11.)

@MillerPatrick214 Patrick Miller (MillerPatrick214) deleted the ci-bump-node24-actions branch June 9, 2026 21:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MillerPatrick214