From e1e5dc42db981a5c61cbc3a19633568e6ba7ab0b Mon Sep 17 00:00:00 2001 From: Val Redchenko Date: Fri, 12 Jun 2026 17:03:14 +0100 Subject: [PATCH] ci: clear Node 20 action deprecations Bump the actions still running on Node.js 20: - github/codeql-action/upload-sarif@v3 -> @v4 (leaked-secrets-scan). v3 also carries a separate 'CodeQL Action v3 deprecated Dec 2026, move to v4' warning; v4 runs on Node 24 and clears both. - softprops/action-gh-release v2.6.0 -> v3.0.0 (pinned to commit b4309332981a82ec1c5618f44dd2e27cc8bfbfda) in both release-smartem-workspace and release-smartem-epuplayer. v3.0.0 is a pure runtime bump (Node 20 -> Node 24), no functional changes. - actions/add-to-project@v1.0.2 -> @v2.0.0 (pr-admin). v2.0.0 runs on Node 24. Verified each target's action.yml declares 'using: node24'. The epuplayer softprops pin did not surface in recent annotations (stale run predating the Node 20 annotation rollout) but resolves to Node 20 statically. --- .github/workflows/leaked-secrets-scan.yml | 2 +- .github/workflows/pr-admin.yml | 2 +- .github/workflows/release-smartem-epuplayer.yml | 2 +- .github/workflows/release-smartem-workspace.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/leaked-secrets-scan.yml b/.github/workflows/leaked-secrets-scan.yml index 748d76f..be8a64f 100644 --- a/.github/workflows/leaked-secrets-scan.yml +++ b/.github/workflows/leaked-secrets-scan.yml @@ -33,7 +33,7 @@ jobs: run: gitleaks detect --source . --redact -c .gitleaks.toml -v --report-format sarif --report-path gitleaks-report.sarif - name: Upload SARIF to code scanning if: always() - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: gitleaks-report.sarif category: gitleaks diff --git a/.github/workflows/pr-admin.yml b/.github/workflows/pr-admin.yml index 495a379..2a682be 100644 --- a/.github/workflows/pr-admin.yml +++ b/.github/workflows/pr-admin.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Add PR to SmartEM project - uses: actions/add-to-project@v1.0.2 + uses: actions/add-to-project@v2.0.0 with: project-url: https://github.com/orgs/DiamondLightSource/projects/51 github-token: ${{ secrets.PROJECT_TOKEN }} diff --git a/.github/workflows/release-smartem-epuplayer.yml b/.github/workflows/release-smartem-epuplayer.yml index e86a322..2b39f46 100644 --- a/.github/workflows/release-smartem-epuplayer.yml +++ b/.github/workflows/release-smartem-epuplayer.yml @@ -477,7 +477,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: Create GitHub Release - uses: softprops/action-gh-release@26e8ad27a09a225049a7075d7ec1caa2df6ff332 # v2.6.0 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: tag_name: ${{ needs.version.outputs.is_stable == 'true' && format('epuplayer-v{0}', needs.version.outputs.version) || format('epuplayer-v{0}', needs.version.outputs.version) }} name: EPUPlayer v${{ needs.version.outputs.version }} diff --git a/.github/workflows/release-smartem-workspace.yml b/.github/workflows/release-smartem-workspace.yml index 3f3a29a..8933cd3 100644 --- a/.github/workflows/release-smartem-workspace.yml +++ b/.github/workflows/release-smartem-workspace.yml @@ -336,7 +336,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: Create GitHub Release - uses: softprops/action-gh-release@26e8ad27a09a225049a7075d7ec1caa2df6ff332 # v2.6.0 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: tag_name: ${{ needs.version.outputs.is_stable == 'true' && format('smartem-workspace-v{0}', needs.version.outputs.version) || format('smartem-workspace-v{0}', needs.version.outputs.version) }} name: smartem-workspace v${{ needs.version.outputs.version }}