ci: bump actions/* to node24 versions#7
Conversation
GitHub will force node24 default on 2026-06-02 and remove node20 from the runner on 2026-09-16. Bumps: actions/checkout v4 -> v6 actions/setup-python v5 -> v6 actions/upload-artifact v4 -> v7 actions/download-artifact v4 -> v8 Each is at node24 on the bumped pin. No behavior change for our usage. tarmojussila/minimax-code-review v0.3.0 -> v0.4.0 Picks up exclude-patterns and max-diff-char-limit features (released 2026-04-16). Runtime stays on node20 - upstream has not shipped a node24 release yet, so the Node-20 deprecation warning for this action remains until they do. Third-party actions audited: peaceiris/actions-gh-pages@v4 already node24 lycheeverse/lychee-action@v2 composite pypa/gh-action-pypi-publish@release/v1 composite
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
MiniMax Code ReviewThe user wants me to review a pull request that updates GitHub Actions workflow files. Let me analyze the changes:
This is essentially an update of GitHub Actions to their latest versions. Let me provide a code review. Key observations:
Let me think about what feedback to provide:
The main concern here is:
I'll break down versioning nuances: checkout/actions progresses from v4 to v6: Significant updates include Node.js runtime enhancements and potential path configuration modifications. setup-python/actions advances from v5 to v6: Emphasizes Python 3.12 initial support and potential caching refinements. For artifact management: I'll flag specific migration considerations:
Potential nuanced challenges:
Pull Request Review: GitHub Actions Version UpdatesSummaryThis PR updates multiple GitHub Actions to newer versions. Overall, the changes follow a reasonable practice of keeping actions up-to-date. However, there are some concerns worth noting. ✅ Things Done Well
|
| Action | Jump | Potential Issues |
|---|---|---|
checkout v4→v6 |
Two major versions | Node runtime upgrade; some path behaviors may differ |
upload-artifact v4→v7 |
Three major versions | Different artifact handling; may require matching runner |
3. Unused with: Block in checkout v6
In link-check.yml, there's no change to the with: fetch-depth: 0 block. This should continue working, but it's worth confirming.
🔍 Questions for Author
- Were these changes tested on a fork or branch before merging?
- Is there a particular reason for jumping to v6/v7 instead of v5/v6 incrementally?
- Are the runners using self-hosted agents that might have older tooling that could cause conflicts?
📋 Recommendations
- Test in a draft PR or on a feature branch first to catch any issues before merging to
main. - Review the changelogs for
actions/checkout@v6andactions/upload-artifact@v7to understand any new requirements. - Consider adding a comment in
numbarrow_release.ymlexplaining whydownload-artifact@v8is needed (to pair with v7).
✅ Verdict: APPROVED with Notes
The changes are reasonable and the pairing of upload/download artifact versions is correct. Just ensure these have been tested or that you're comfortable accepting the risk of the version bumps. If this is a high-stakes repo where CI failures are costly, consider incremental updates instead.
There was a problem hiding this comment.
Pull request overview
Updates GitHub Actions workflow pins so CI/release/docs run on Node.js 24-backed action versions ahead of upcoming GitHub-hosted runner deprecations.
Changes:
- Bumped
actions/checkouttov6andactions/setup-pythontov6across CI/docs workflows. - Bumped artifact actions to
actions/upload-artifact@v7andactions/download-artifact@v8in relevant workflows. - Updated
tarmojussila/minimax-code-reviewfromv0.3.0tov0.4.0.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/numbarrow_release.yml | Updates checkout/setup-python and artifact action pins for release build/publish jobs. |
| .github/workflows/numbarrow_ci.yml | Updates checkout/setup-python pins in Linux/Windows matrix and macOS CI jobs. |
| .github/workflows/docs.yml | Updates checkout/setup-python pins for docs build/deploy workflow. |
| .github/workflows/doc-codeblock-flake8.yml | Updates checkout/setup-python pins for doc codeblock lint workflow. |
| .github/workflows/link-check.yml | Updates checkout and upload-artifact pins for link check reporting. |
| .github/workflows/minimax_code_review.yml | Updates minimax code review action pin to v0.4.0. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
What
Bump pinned action versions. Primary goal: workflows run on node24 before GitHub forces the default on 2026-06-02 and removes
node20on 2026-09-16.actions/checkout@v4@v6actions/setup-python@v5@v6actions/upload-artifact@v4@v7actions/download-artifact@v4@v8tarmojussila/minimax-code-review@v0.3.0@v0.4.015 line changes across
numbarrow_ci.yml,numbarrow_release.yml,docs.yml,doc-codeblock-flake8.yml,link-check.yml,minimax_code_review.yml.Third-party actions audited
peaceiris/actions-gh-pages@v4lycheeverse/lychee-action@v2pypa/gh-action-pypi-publish@release/v1After this lands, the only remaining
node20deprecation warning in CI logs will come fromtarmojussila/minimax-code-review(still node20 in v0.4.0; revisit when upstream ships node24).Notes
nelson2005/numbox#23andnelson2005/numbduck#48.