chore(ci): update GitHub Actions to Node.js 24 compatible versions#402
Conversation
Node.js 20 actions are deprecated (forced to Node 24 starting June 2026, removed September 2026). Updated all actions to latest major versions: - actions/checkout v4 → v6 - actions/setup-node v4 → v6 - actions/cache v4 → v5 - actions/upload-artifact v4 → v7 - actions/download-artifact v4 → v8 - actions/create-github-app-token v1 → v3 - docker/login-action v3 → v4 - docker/build-push-action v5 → v7 - dorny/paths-filter v3 → v4 - codecov/codecov-action v5 → v6 - pnpm/action-setup v4 → v5 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 39e772685498
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✅ Files skipped from review due to trivial changes (2)
WalkthroughBumps GitHub Actions versions across multiple workflow files (checkout, setup-node, pnpm, upload/download-artifact, cache, docker/build, codecov, paths-filter, create-github-app-token) and adds a Dependabot config plus a planning todo; no workflow logic, commands, or outputs were changed. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…es before June deadline Entire-Checkpoint: 729a21f8bc6d
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/ci.yml (1)
17-18: Consider pinning Actions to full commit SHAs for supply-chain hardening.The Actions in lines 17–18 (
actions/checkout@v6anddorny/paths-filter@v4) use mutable major version tags. Pinning to immutable commit SHAs reduces the risk of tag takeover or unexpected drift while still allowing controlled upgrades via Dependabot or Renovate.Note: This applies across all workflow files in
.github/workflows/—no SHA-pinned action references are currently used in the repository.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yml around lines 17 - 18, Replace mutable action tags with immutable commit SHAs: update the references to actions/checkout@v6 and dorny/paths-filter@v4 (and any other action usages in .github/workflows) to their corresponding full commit SHA pins, e.g. actions/checkout@<commit-sha> and dorny/paths-filter@<commit-sha>, and commit the updated workflow YAMLs; use Dependabot/ Renovate to manage future action upgrades so you can safely review and bump SHAs rather than relying on floating tags.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 17-18: Replace mutable action tags with immutable commit SHAs:
update the references to actions/checkout@v6 and dorny/paths-filter@v4 (and any
other action usages in .github/workflows) to their corresponding full commit SHA
pins, e.g. actions/checkout@<commit-sha> and dorny/paths-filter@<commit-sha>,
and commit the updated workflow YAMLs; use Dependabot/ Renovate to manage future
action upgrades so you can safely review and bump SHAs rather than relying on
floating tags.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: ef14e6b5-82f7-487e-9a66-2e701798467e
📒 Files selected for processing (10)
.github/workflows/ci-e2e.yml.github/workflows/ci.yml.github/workflows/codecov-base.yml.github/workflows/deploy-staging.yml.github/workflows/desktop-e2e.yml.github/workflows/load-test.yml.github/workflows/release-gate.yml.github/workflows/release-please.yml.github/workflows/tag-staging.yml.github/workflows/web-e2e.yml
There was a problem hiding this comment.
Pull request overview
Updates CI workflow dependencies (GitHub Actions) to major versions compatible with GitHub’s upcoming Node.js 24 runtime for actions, eliminating the Node.js 20 deprecation warning across pipelines.
Changes:
- Bumped core GitHub Actions versions across workflows (checkout, setup-node, cache, upload/download-artifact).
- Updated third-party workflow actions (pnpm/action-setup, dorny/paths-filter, docker/*, codecov, create-github-app-token).
- Kept workflow logic and inputs unchanged while modernizing action runtimes.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/web-e2e.yml | Updates checkout/setup-node/pnpm/upload-artifact action versions used by Web E2E. |
| .github/workflows/tag-staging.yml | Updates checkout action version for tag validation and staging tag creation. |
| .github/workflows/release-please.yml | Updates create-github-app-token version used for release-please authentication. |
| .github/workflows/release-gate.yml | Updates checkout action version for release gate change detection. |
| .github/workflows/load-test.yml | Updates checkout/setup-node/pnpm/upload-artifact versions used by load tests. |
| .github/workflows/desktop-e2e.yml | Updates checkout/setup-node/pnpm/cache/upload-artifact versions for desktop E2E. |
| .github/workflows/deploy-staging.yml | Updates checkout/docker/setup-node/pnpm/cache/upload/download-artifact versions for staging deploy/build. |
| .github/workflows/codecov-base.yml | Updates checkout and codecov action versions for base-branch coverage upload. |
| .github/workflows/ci.yml | Updates checkout/paths-filter/setup-node/pnpm/cache/codecov/upload-artifact versions across CI jobs. |
| .github/workflows/ci-e2e.yml | Updates checkout/paths-filter versions for E2E orchestration gating. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #402 +/- ##
===========================================
+ Coverage 61.25% 71.25% +10.00%
===========================================
Files 133 112 -21
Lines 9790 6823 -2967
Branches 986 986
===========================================
- Hits 5997 4862 -1135
+ Misses 3577 1745 -1832
Partials 216 216
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Weekly checks for action updates on Mondays. PRs are labeled with dependencies + ci and use conventional commit prefix. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: a23ee7b7e888
Summary
Update all GitHub Actions to latest major versions that support Node.js 24, addressing the deprecation warning:
Actions unchanged (already at latest or no Node 24 update available):
googleapis/release-please-action@v4ikalnytskyi/action-setup-postgres@v8tauri-apps/tauri-action@v0appleboy/scp-action@v0.1.7/appleboy/ssh-action@v1.2.0Test plan
🤖 Generated with Claude Code
Summary by CodeRabbit