Update actions to use versions that use Node v24#3451
Update actions to use versions that use Node v24#3451kevinb-khan wants to merge 6 commits intomainfrom
Conversation
🗄️ Schema Change: No Changes ✅ |
|
Size Change: 0 B Total Size: 495 kB ℹ️ View Unchanged
|
🛠️ Item Splitting: No Changes ✅ |
npm Snapshot: NOT PublishedOh noes!! We couldn't find any changesets in this PR (6f1561b). As a result, we did not |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
jeremywiebe
left a comment
jeremywiebe
left a comment
There was a problem hiding this comment.
Actual workflow changes are great.
With regards to the script, I have several comments and one more, in general. Will this be something we want to bake in to wonder-stuff as a pnpm dlx-able tool like we did for wonder-stuff-tool-new-pkg?
| * Scan all workflow and action YAML files for GitHub Action references and | ||
| * ensure they are pinned to commit SHAs. Handles two cases: | ||
| * 1. Already pinned (`uses: owner/repo@<sha> # <tag>`) — updates stale SHAs | ||
| * 2. Unpinned (`uses: owner/repo@<tag>`) — replaces with `@<sha> # <tag>` |
There was a problem hiding this comment.
When you say "stale", does this mean "not latest" or something else? ie. Is this an upgrade script or just one that transforms our workflow yaml file to all have SHA-pinned actions references?
There was a problem hiding this comment.
The commit that a tag points to can change over time. If the SHA isn't current then it updates the SHA to point to whatever the corresponding tag currently points to.
utils/update-pinned-actions.ts
Outdated
| .sort(); | ||
| console.log("Allowed actions:\n"); | ||
| for (const repo of uniqueRepos) { | ||
| console.log(`${repo}@*,`); |
There was a problem hiding this comment.
Also, since the workflow yml files reference actions as repo/name, would we be more clear with this listing if we used:
console.log(`${repo}/*`);
There was a problem hiding this comment.
I think this makes sense as is because usually the actions appear in workflows like so:
uses: Repo/name@vN
jeremywiebe
left a comment
jeremywiebe
left a comment
There was a problem hiding this comment.
Super! Thanks for breaking the pieces into separate functions! That's super helpful.
| let m: RegExpExecArray | null; | ||
|
|
||
| // Collect already-pinned refs | ||
| // Groups: action(1), sha(2), quote(3), ref(4) |
There was a problem hiding this comment.
In cases like this, I often use named groups to make the code a bit more resilient to changes in the groups the regex has.
Eg.
const PINNED_RE =
/(?<=^[^#\n]*uses:\s+"?)(?<action>[^@\s"]+)@(?<ref>[a-f0-9]{40})("?)[^\S\n]+#[^\S\n]*(\S+)/gm;
const m = PINNED_RE.exec(content);
if (m != null) {
const {action, ref} = m.groups;
...
}No action required.
There was a problem hiding this comment.
Cool! Thanks for converting to .ts. Can you also chmod +x utils/update-pinned-actions.ts so we can run this as $ ./utils/update-pinned-actions.ts, please?
2 participants
Summary:
GitHub Actions will no longer be supporting the use of Node v20 in workflow and actions on April 24. That means we need to make sure all workflows and actions are using Node v24 before then.
This PR also includes a script which we use in some of our other repos to keep the SHAs for actions up to date. It updated the SHA based on the version in the comment that comes after it.
Issue: FEI-7601
Test plan: