Update github actions (major)#1552
Conversation
Up to standards ✅🟢 Issues
|
There was a problem hiding this comment.
Pull Request Overview
The major version updates to GitHub Actions in this PR are up to general quality standards, but they introduce significant functional risks that require verification. Specifically, the upgrade to actions/upload-pages-artifact@v5 now excludes hidden files by default, which may prevent .nojekyll files from being published and break documentation rendering. Additionally, the move to actions/github-script@v9 transitions to an ESM-only environment, which may break scripts relying on the require() function for built-ins like fs. Finally, updates to synchronized workflows must be applied to the source templates to avoid regressions during the next template sync.
About this PR
- Major version upgrades to core actions in this PR introduce breaking changes in script execution (ESM migration) and artifact packaging (dotfile exclusion). Ensure all automation scripts and deployment artifacts are verified against these new runtime behaviors.
Test suggestions
- Verify GitHub Pages site functionality, specifically checking if hidden files (e.g., .nojekyll) are missing from the published site.
- Verify that 'require("fs")' in squad-heartbeat.yml and other workflows still functions within the github-script@v9 ESM context.
- Validate that the 'squad:copilot' issue assignment still works given the breaking changes in the Octokit client within github-script@v9.
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify GitHub Pages site functionality, specifically checking if hidden files (e.g., .nojekyll) are missing from the published site.
2. Verify that 'require("fs")' in squad-heartbeat.yml and other workflows still functions within the github-script@v9 ESM context.
3. Validate that the 'squad:copilot' issue assignment still works given the breaking changes in the Octokit client within github-script@v9.
TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/checkout@v7 |
There was a problem hiding this comment.
🟡 MEDIUM RISK
This workflow is part of a synchronized set of files. The header comment requires changes to be applied to all locations, including the source template (templates/workflows/squad-heartbeat.yml). Missing these updates will cause the version bumps to be overwritten during the next template sync.
| - name: 📤 Upload Pages artifact | ||
| if: github.ref == 'refs/heads/main' | ||
| uses: actions/upload-pages-artifact@v3 | ||
| uses: actions/upload-pages-artifact@v5 |
There was a problem hiding this comment.
🟡 MEDIUM RISK
Starting with v4, this action no longer includes hidden files (dotfiles) by default. If your documentation relies on '.nojekyll' or other dotfiles for proper rendering, you must add 'include-hidden-files: true' to the inputs.
61961f3 to
698b789
Compare
698b789 to
e7fbaac
Compare
This PR contains the following updates:
v4→v7v4→v5v7→v9Release Notes
actions/checkout (actions/checkout)
v7.0.0Compare Source
v7Compare Source
v6.0.3Compare Source
v6.0.2Compare Source
v6.0.1Compare Source
v6.0.0Compare Source
v6Compare Source
v5.0.1Compare Source
v5.0.0Compare Source
v5Compare Source
actions/deploy-pages (actions/deploy-pages)
v5.0.0Compare Source
Changelog
See details of all code changes since previous release.
v5Compare Source
actions/github-script (actions/github-script)
v9.0.0Compare Source
New features:
getOctokitfactory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients withgetOctokitfor details and examples.ACTIONS_ORCHESTRATION_IDenvironment variable is automatically appended to the user-agent string for request tracing.Breaking changes:
require('@​actions/github')no longer works in scripts. The upgrade to@actions/githubv9 (ESM-only) meansrequire('@​actions/github')will fail at runtime. If you previously used patterns likeconst { getOctokit } = require('@​actions/github')to create secondary clients, use the new injectedgetOctokitfunction instead — it's available directly in the script context with no imports needed.getOctokitis now an injected function parameter. Scripts that declareconst getOctokit = ...orlet getOctokit = ...will get aSyntaxErrorbecause JavaScript does not allowconst/letredeclaration of function parameters. Use the injectedgetOctokitdirectly, or usevar getOctokit = ...if you need to redeclare it.@actions/githubinternals beyond the standardgithub/octokitclient, you may need to update those references for v9 compatibility.What's Changed
New Contributors
Full Changelog: actions/github-script@v8.0.0...v9.0.0
v9Compare Source
v8.0.0Compare Source
v8: .0.0Compare Source
What's Changed
v2.327.1
Release Notes
Make sure your runner is updated to this version or newer to use this release.
New Contributors
Full Changelog: actions/github-script@v7.1.0...v8.0.0
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.