Skip to content

chore(ci): update GitHub Actions to Node.js 24 compatible versions#402

Merged
FSM1 merged 3 commits into
mainfrom
chore/update-actions-node24
Mar 30, 2026
Merged

chore(ci): update GitHub Actions to Node.js 24 compatible versions#402
FSM1 merged 3 commits into
mainfrom
chore/update-actions-node24

Conversation

@FSM1

@FSM1 FSM1 commented Mar 30, 2026

Copy link
Copy Markdown
Owner

Summary

Update all GitHub Actions to latest major versions that support Node.js 24, addressing the deprecation warning:

Node.js 20 actions are deprecated. Actions will be forced to run with Node.js 24 starting June 2nd, 2026.

Action Old New
actions/checkout v4 v6
actions/setup-node v4 v6
actions/cache v4 v5
actions/upload-artifact v4 v7
actions/download-artifact v4 v8
actions/create-github-app-token v1 v3
docker/login-action v3 v4
docker/build-push-action v5 v7
dorny/paths-filter v3 v4
codecov/codecov-action v5 v6
pnpm/action-setup v4 v5

Actions unchanged (already at latest or no Node 24 update available):

  • googleapis/release-please-action@v4
  • ikalnytskyi/action-setup-postgres@v8
  • tauri-apps/tauri-action@v0
  • appleboy/scp-action@v0.1.7 / appleboy/ssh-action@v1.2.0

Test plan

  • CI passes on this PR (the updated actions run themselves)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated multiple CI/CD GitHub Actions to newer major versions across workflows to keep builds and deployments current.
    • Added Dependabot configuration to automate weekly GitHub Actions updates.
  • Documentation
    • Added a maintenance TODO outlining checks and fallback guidance for upcoming Node compatibility updates.

Node.js 20 actions are deprecated (forced to Node 24 starting June 2026,
removed September 2026). Updated all actions to latest major versions:

- actions/checkout v4 → v6
- actions/setup-node v4 → v6
- actions/cache v4 → v5
- actions/upload-artifact v4 → v7
- actions/download-artifact v4 → v8
- actions/create-github-app-token v1 → v3
- docker/login-action v3 → v4
- docker/build-push-action v5 → v7
- dorny/paths-filter v3 → v4
- codecov/codecov-action v5 → v6
- pnpm/action-setup v4 → v5

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 39e772685498
@coderabbitai

coderabbitai Bot commented Mar 30, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 484e383d-782f-4241-b42b-3da298f92f72

📥 Commits

Reviewing files that changed from the base of the PR and between fed500a and 0d6c5cb.

📒 Files selected for processing (2)
  • .github/dependabot.yml
  • .planning/todos/pending/2026-03-30-check-remaining-github-actions-for-node-24-updates-before-june-deadline.md
✅ Files skipped from review due to trivial changes (2)
  • .github/dependabot.yml
  • .planning/todos/pending/2026-03-30-check-remaining-github-actions-for-node-24-updates-before-june-deadline.md

Walkthrough

Bumps GitHub Actions versions across multiple workflow files (checkout, setup-node, pnpm, upload/download-artifact, cache, docker/build, codecov, paths-filter, create-github-app-token) and adds a Dependabot config plus a planning todo; no workflow logic, commands, or outputs were changed.

Changes

Cohort / File(s) Summary
Core CI workflows
.github/workflows/.../ci.yml, .github/workflows/.../ci-e2e.yml, .github/workflows/.../desktop-e2e.yml, .github/workflows/.../web-e2e.yml, .github/workflows/.../load-test.yml
Updated standard action versions: actions/checkout v4→v6, actions/setup-node v4→v6, pnpm/action-setup v4→v5, actions/upload-artifact v4→v7; dorny/paths-filter v3→v4 and actions/cache v4→v5 where present. No logic changes.
Deployment & staging
.github/workflows/.../deploy-staging.yml, .github/workflows/.../tag-staging.yml
Bumped multiple build/deploy actions: actions/checkout v4→v6, docker/login-action v3→v4, docker/build-push-action v5→v7, actions/download-artifact v4→v8, plus pnpm/action-setup, actions/setup-node, actions/cache, actions/upload-artifact. No step/command changes.
Release automation
.github/workflows/.../release-gate.yml, .github/workflows/.../release-please.yml
Replaced actions/checkout v4→v6 and actions/create-github-app-token v1→v3; token outputs and downstream usage unchanged.
Coverage & reporting
.github/workflows/.../codecov-base.yml
Bumped actions/checkout v4→v6 and codecov/codecov-action v5→v6; upload gating and inputs unchanged.
E2E & desktop workflows
.github/workflows/.../ci-e2e.yml, .github/workflows/.../desktop-e2e.yml
Updated runner/setup action versions (checkout, setup-node, pnpm, cache, upload-artifact) without changing test commands or artifact paths.
Repo tooling / config
.github/dependabot.yml, .planning/todos/pending/2026-03-30-check-remaining-github-actions-for-node-24-updates-before-june-deadline.md
Added Dependabot config to auto-update GitHub Actions weekly and a planning/todo doc listing remaining actions to check for Node 24 compatibility with an automation snippet and fallback workaround.
Other small workflow updates
multiple .github/workflows/*.yml (detect-changes, tag validation, etc.)
Minor single-step version bumps (e.g., actions/checkout v4→v6, actions/upload-artifact v4→v7) across ancillary workflows; no functional changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately and specifically summarizes the main change: updating GitHub Actions to Node.js 24 compatible versions across all workflows.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/update-actions-node24

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

…es before June deadline

Entire-Checkpoint: 729a21f8bc6d

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/ci.yml (1)

17-18: Consider pinning Actions to full commit SHAs for supply-chain hardening.

The Actions in lines 17–18 (actions/checkout@v6 and dorny/paths-filter@v4) use mutable major version tags. Pinning to immutable commit SHAs reduces the risk of tag takeover or unexpected drift while still allowing controlled upgrades via Dependabot or Renovate.

Note: This applies across all workflow files in .github/workflows/—no SHA-pinned action references are currently used in the repository.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 17 - 18, Replace mutable action tags
with immutable commit SHAs: update the references to actions/checkout@v6 and
dorny/paths-filter@v4 (and any other action usages in .github/workflows) to
their corresponding full commit SHA pins, e.g. actions/checkout@<commit-sha> and
dorny/paths-filter@<commit-sha>, and commit the updated workflow YAMLs; use
Dependabot/ Renovate to manage future action upgrades so you can safely review
and bump SHAs rather than relying on floating tags.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 17-18: Replace mutable action tags with immutable commit SHAs:
update the references to actions/checkout@v6 and dorny/paths-filter@v4 (and any
other action usages in .github/workflows) to their corresponding full commit SHA
pins, e.g. actions/checkout@<commit-sha> and dorny/paths-filter@<commit-sha>,
and commit the updated workflow YAMLs; use Dependabot/ Renovate to manage future
action upgrades so you can safely review and bump SHAs rather than relying on
floating tags.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ef14e6b5-82f7-487e-9a66-2e701798467e

📥 Commits

Reviewing files that changed from the base of the PR and between 5a45a65 and fed500a.

📒 Files selected for processing (10)
  • .github/workflows/ci-e2e.yml
  • .github/workflows/ci.yml
  • .github/workflows/codecov-base.yml
  • .github/workflows/deploy-staging.yml
  • .github/workflows/desktop-e2e.yml
  • .github/workflows/load-test.yml
  • .github/workflows/release-gate.yml
  • .github/workflows/release-please.yml
  • .github/workflows/tag-staging.yml
  • .github/workflows/web-e2e.yml

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates CI workflow dependencies (GitHub Actions) to major versions compatible with GitHub’s upcoming Node.js 24 runtime for actions, eliminating the Node.js 20 deprecation warning across pipelines.

Changes:

  • Bumped core GitHub Actions versions across workflows (checkout, setup-node, cache, upload/download-artifact).
  • Updated third-party workflow actions (pnpm/action-setup, dorny/paths-filter, docker/*, codecov, create-github-app-token).
  • Kept workflow logic and inputs unchanged while modernizing action runtimes.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.github/workflows/web-e2e.yml Updates checkout/setup-node/pnpm/upload-artifact action versions used by Web E2E.
.github/workflows/tag-staging.yml Updates checkout action version for tag validation and staging tag creation.
.github/workflows/release-please.yml Updates create-github-app-token version used for release-please authentication.
.github/workflows/release-gate.yml Updates checkout action version for release gate change detection.
.github/workflows/load-test.yml Updates checkout/setup-node/pnpm/upload-artifact versions used by load tests.
.github/workflows/desktop-e2e.yml Updates checkout/setup-node/pnpm/cache/upload-artifact versions for desktop E2E.
.github/workflows/deploy-staging.yml Updates checkout/docker/setup-node/pnpm/cache/upload/download-artifact versions for staging deploy/build.
.github/workflows/codecov-base.yml Updates checkout and codecov action versions for base-branch coverage upload.
.github/workflows/ci.yml Updates checkout/paths-filter/setup-node/pnpm/cache/codecov/upload-artifact versions across CI jobs.
.github/workflows/ci-e2e.yml Updates checkout/paths-filter versions for E2E orchestration gating.

@codecov

codecov Bot commented Mar 30, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.25%. Comparing base (5a45a65) to head (0d6c5cb).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##             main     #402       +/-   ##
===========================================
+ Coverage   61.25%   71.25%   +10.00%     
===========================================
  Files         133      112       -21     
  Lines        9790     6823     -2967     
  Branches      986      986               
===========================================
- Hits         5997     4862     -1135     
+ Misses       3577     1745     -1832     
  Partials      216      216               
Flag Coverage Δ
api 84.31% <ø> (ø)
api-client 84.31% <ø> (ø)
core 84.31% <ø> (ø)
crypto 84.31% <ø> (ø)
desktop 14.95% <ø> (-16.27%) ⬇️
sdk 84.31% <ø> (ø)
sdk-core 84.31% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 34 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Weekly checks for action updates on Mondays. PRs are labeled with
dependencies + ci and use conventional commit prefix.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: a23ee7b7e888
@FSM1 FSM1 enabled auto-merge (squash) March 30, 2026 00:43
@FSM1 FSM1 merged commit b03f8a3 into main Mar 30, 2026
27 checks passed
@FSM1 FSM1 deleted the chore/update-actions-node24 branch April 14, 2026 00:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants