Skip to content

ci: bump actions/* to node24 versions#7

Merged
nelson2005 merged 1 commit into
mainfrom
chore/bump-actions-node24
May 23, 2026
Merged

ci: bump actions/* to node24 versions#7
nelson2005 merged 1 commit into
mainfrom
chore/bump-actions-node24

Conversation

@nelson2005

Copy link
Copy Markdown
Owner

What

Bump pinned action versions. Primary goal: workflows run on node24 before GitHub forces the default on 2026-06-02 and removes node20 on 2026-09-16.

Action Was Now Runtime at pin
actions/checkout @v4 @v6 node24
actions/setup-python @v5 @v6 node24
actions/upload-artifact @v4 @v7 node24 (ESM)
actions/download-artifact @v4 @v8 node24 (ESM)
tarmojussila/minimax-code-review @v0.3.0 @v0.4.0 still node20 — picks up exclude-patterns + max-diff-char-limit features

15 line changes across numbarrow_ci.yml, numbarrow_release.yml, docs.yml, doc-codeblock-flake8.yml, link-check.yml, minimax_code_review.yml.

Third-party actions audited

Action Runtime Conclusion
peaceiris/actions-gh-pages@v4 node24 Already on node24
lycheeverse/lychee-action@v2 composite No node runtime
pypa/gh-action-pypi-publish@release/v1 composite No node runtime

After this lands, the only remaining node20 deprecation warning in CI logs will come from tarmojussila/minimax-code-review (still node20 in v0.4.0; revisit when upstream ships node24).

Notes

GitHub will force node24 default on 2026-06-02 and remove node20 from the
runner on 2026-09-16. Bumps:

  actions/checkout          v4 -> v6
  actions/setup-python      v5 -> v6
  actions/upload-artifact   v4 -> v7
  actions/download-artifact v4 -> v8

Each is at node24 on the bumped pin. No behavior change for our usage.

  tarmojussila/minimax-code-review v0.3.0 -> v0.4.0

Picks up exclude-patterns and max-diff-char-limit features (released
2026-04-16). Runtime stays on node20 - upstream has not shipped a node24
release yet, so the Node-20 deprecation warning for this action remains
until they do.

Third-party actions audited:

  peaceiris/actions-gh-pages@v4           already node24
  lycheeverse/lychee-action@v2            composite
  pypa/gh-action-pypi-publish@release/v1  composite
Copilot AI review requested due to automatic review settings May 23, 2026 01:25
@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@github-actions

Copy link
Copy Markdown

MiniMax Code Review

The user wants me to review a pull request that updates GitHub Actions workflow files. Let me analyze the changes:

  1. actions/checkout - v4 → v6
  2. actions/setup-python - v5 → v6
  3. actions/upload-artifact - v4 → v7
  4. actions/download-artifact - v4 → v8
  5. tarmojussila/minimax-code-review - v0.3.0 → v0.4.0

This is essentially an update of GitHub Actions to their latest versions. Let me provide a code review.

Key observations:

  1. These are all major version bumps for some actions
  2. The upgrade pattern seems consistent - trying to use latest stable versions
  3. However, I should note potential compatibility concerns

Let me think about what feedback to provide:

  1. checkout v4 → v6: This is a big jump (v4 -> v6). There might be breaking changes between these versions that could affect the workflows. Need to check if there are any breaking changes.

  2. setup-python v5 → v6: Also a major version bump. Should check release notes.

  3. upload-artifact v4 → v7: Major version jump. The v4 to v7 transition is significant. Need to verify compatibility with the download-artifact version (now v8).

  4. download-artifact v4 → v8: This is correct - upload-artifact v7 pairs with download-artifact v8.

  5. minimax-code-review v0.3.0 → v0.4.0: Minor version bump, likely safer.

The main concern here is:

  • upload-artifact v7 requires a matching download-artifact v8 (which is done correctly)

  • However, if they're using actions/cache or other actions that depend on artifact actions, there might be compatibility issues

  • Most GitHub-hosted runners should handle these updates smoothly, but verifying compatibility with custom runners is crucial

  • I'll recommend reviewing action-specific breaking changes, especially for minimax-code-review v0.4.0

  • Manual testing in a feature branch would provide additional confidence before full deployment

I'll break down versioning nuances:

checkout/actions progresses from v4 to v6: Significant updates include Node.js runtime enhancements and potential path configuration modifications. setup-python/actions advances from v5 to v6: Emphasizes Python 3.12 initial support and potential caching refinements.

For artifact management:
upload-artifact shifts from v4 to v7: Introduces novel retention capabilities, leveraging enhanced upload mechanisms.
download-artifact transitions from v4 to v8: Achieves alignment with upload-artifact v7, ensuring integrated artifact handling across pipeline stages.

I'll flag specific migration considerations:

  • Verify critical workflows for extensive checkout operations
  • Monitor potential token permission adjustments
  • Validate Python environment setups post-action modifications

Potential nuanced challenges:

  • Older runner configurations might demand adjustments
  • Comprehensive testing remains strategically essential

Pull Request Review: GitHub Actions Version Updates

Summary

This PR updates multiple GitHub Actions to newer versions. Overall, the changes follow a reasonable practice of keeping actions up-to-date. However, there are some concerns worth noting.


✅ Things Done Well

  • Consistent versioning approach across workflows
  • Properly pairing upload-artifact@v7 with download-artifact@v8 (they must match)
  • Minor version bump for third-party action (minimax-code-review) rather than major jump

⚠️ Concerns

1. Major Version Jumps Without Mentioned Testing

The changes jump multiple major versions:

  • checkout: v4 → v6 (skips v5 entirely)
  • setup-python: v5 → v6 (direct major bump)
  • upload-artifact: v4 → v7 (big jump)

These jumps risk breaking changes not being tested. While many users update without issues, large jumps are riskier.

2. Breaking Changes Risk

Action Jump Potential Issues
checkout v4→v6 Two major versions Node runtime upgrade; some path behaviors may differ
upload-artifact v4→v7 Three major versions Different artifact handling; may require matching runner

3. Unused with: Block in checkout v6

In link-check.yml, there's no change to the with: fetch-depth: 0 block. This should continue working, but it's worth confirming.


🔍 Questions for Author

  1. Were these changes tested on a fork or branch before merging?
  2. Is there a particular reason for jumping to v6/v7 instead of v5/v6 incrementally?
  3. Are the runners using self-hosted agents that might have older tooling that could cause conflicts?

📋 Recommendations

  1. Test in a draft PR or on a feature branch first to catch any issues before merging to main.
  2. Review the changelogs for actions/checkout@v6 and actions/upload-artifact@v7 to understand any new requirements.
  3. Consider adding a comment in numbarrow_release.yml explaining why download-artifact@v8 is needed (to pair with v7).

✅ Verdict: APPROVED with Notes

The changes are reasonable and the pairing of upload/download artifact versions is correct. Just ensure these have been tested or that you're comfortable accepting the risk of the version bumps. If this is a high-stakes repo where CI failures are costly, consider incremental updates instead.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates GitHub Actions workflow pins so CI/release/docs run on Node.js 24-backed action versions ahead of upcoming GitHub-hosted runner deprecations.

Changes:

  • Bumped actions/checkout to v6 and actions/setup-python to v6 across CI/docs workflows.
  • Bumped artifact actions to actions/upload-artifact@v7 and actions/download-artifact@v8 in relevant workflows.
  • Updated tarmojussila/minimax-code-review from v0.3.0 to v0.4.0.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.github/workflows/numbarrow_release.yml Updates checkout/setup-python and artifact action pins for release build/publish jobs.
.github/workflows/numbarrow_ci.yml Updates checkout/setup-python pins in Linux/Windows matrix and macOS CI jobs.
.github/workflows/docs.yml Updates checkout/setup-python pins for docs build/deploy workflow.
.github/workflows/doc-codeblock-flake8.yml Updates checkout/setup-python pins for doc codeblock lint workflow.
.github/workflows/link-check.yml Updates checkout and upload-artifact pins for link check reporting.
.github/workflows/minimax_code_review.yml Updates minimax code review action pin to v0.4.0.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@nelson2005 nelson2005 merged commit dbfe447 into main May 23, 2026
23 checks passed
@nelson2005 nelson2005 deleted the chore/bump-actions-node24 branch May 23, 2026 01:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants