From 87dc384836f760c2848f168aa0d48ec898998b49 Mon Sep 17 00:00:00 2001 From: Kutluhan Bayram Date: Mon, 23 Mar 2026 11:23:59 -0400 Subject: [PATCH] Harden workflows for Node 24 and quiet unconfigured smoke schedules --- .github/workflows/api-smoke-deployed.yml | 20 +++++++++++++++++--- .github/workflows/ci.yml | 15 +++++++++------ .github/workflows/security-scan.yml | 7 +++++-- 3 files changed, 31 insertions(+), 11 deletions(-) diff --git a/.github/workflows/api-smoke-deployed.yml b/.github/workflows/api-smoke-deployed.yml index a34a37b..932a59f 100644 --- a/.github/workflows/api-smoke-deployed.yml +++ b/.github/workflows/api-smoke-deployed.yml @@ -13,6 +13,9 @@ on: permissions: contents: read +env: + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" + jobs: smoke: name: Run deployed API smoke suite @@ -21,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Resolve target URL id: target @@ -41,15 +44,26 @@ jobs: fi if [[ -z "$target" ]]; then - echo "No target URL configured." - echo "Provide workflow input 'api_url' or set repo variable/secret SMOKE_API_URL." + if [[ "${{ github.event_name }}" == "schedule" ]]; then + echo "::notice::No target URL configured. Skipping scheduled smoke run." + echo "skip=true" >> "$GITHUB_OUTPUT" + exit 0 + fi + echo "::error::No target URL configured." + echo "::error::Provide workflow input 'api_url' or set repo variable/secret SMOKE_API_URL." exit 1 fi echo "Using API URL: $target" echo "url=$target" >> "$GITHUB_OUTPUT" + echo "skip=false" >> "$GITHUB_OUTPUT" + + - name: Skip notice + if: steps.target.outputs.skip == 'true' + run: echo "Scheduled smoke run skipped due to missing SMOKE_API_URL." - name: Run Hurl smoke suite + if: steps.target.outputs.skip != 'true' run: | docker run --rm \ -v "${{ github.workspace }}:/work" \ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0732db7..07171db 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,9 @@ on: permissions: contents: read +env: + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" + jobs: backend: name: Backend Build & Test @@ -19,12 +22,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: - node-version: 20 + node-version: 22 cache: npm cache-dependency-path: backend/package-lock.json @@ -49,12 +52,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: - node-version: 20 + node-version: 22 cache: npm cache-dependency-path: frontend/package-lock.json diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 91ba7bc..286659f 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -10,13 +10,16 @@ on: permissions: contents: read +env: + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" + jobs: trivy-filesystem: name: Trivy Filesystem Scan runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Run Trivy filesystem scan run: | @@ -35,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Build backend image run: docker build -t trust-center-backend:ci -f backend/Dockerfile backend