Bump GitHub Actions to Node 24 compatible versions [MOD-15112] #947
Bump GitHub Actions to Node 24 compatible versions [MOD-15112] #947
Conversation
Migrate all JavaScript-based GitHub Actions to versions running on the Node 24 runtime ahead of the June 2, 2026 Node 20 deprecation. - actions/checkout v4 -> v6 - actions/setup-python v5 -> v6 - actions/upload-artifact v4 -> v7 - aws-actions/configure-aws-credentials v4 -> v6 - machulav/ec2-github-runner v2.4.2 -> v2.6.1 - codecov/codecov-action v4 -> v6 - github/codeql-action/* v3 -> v4 - korthout/backport-action v3 -> v4 - release-drafter/release-drafter v6 -> v7 - slackapi/slack-github-action v1 -> v3 (input-based webhook config)
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
|
dor-forer
changed the title
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 24736b4. Configure here.
| run: make coverage | ||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v4 | ||
| uses: codecov/codecov-action@v6 # NOSONAR |
There was a problem hiding this comment.
Deprecated file input not migrated to files
Medium Severity
The codecov/codecov-action was bumped from v4 to v6, but the file input on this line was not updated to files. The file input was deprecated in v5 in favor of files. Combined with disable_search: true (which prevents automatic coverage file discovery), if the deprecated file alias stops being recognized in a future v6 patch, no coverage file will be specified or discovered, causing the upload step to silently produce no results.
Reviewed by Cursor Bugbot for commit 24736b4. Configure here.
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin 0.6
git worktree add -d .worktree/backport-947-to-0.6 origin/0.6
cd .worktree/backport-947-to-0.6
git switch --create backport-947-to-0.6
git cherry-pick -x 369f14fb01ef7b827e4242f543460a15750d82ca |
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin 0.7
git worktree add -d .worktree/backport-947-to-0.7 origin/0.7
cd .worktree/backport-947-to-0.7
git switch --create backport-947-to-0.7
git cherry-pick -x 369f14fb01ef7b827e4242f543460a15750d82ca |
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin 0.8
git worktree add -d .worktree/backport-947-to-0.8 origin/0.8
cd .worktree/backport-947-to-0.8
git switch --create backport-947-to-0.8
git cherry-pick -x 369f14fb01ef7b827e4242f543460a15750d82ca |
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin 8.2
git worktree add -d .worktree/backport-947-to-8.2 origin/8.2
cd .worktree/backport-947-to-8.2
git switch --create backport-947-to-8.2
git cherry-pick -x 369f14fb01ef7b827e4242f543460a15750d82ca |
|
Successfully created backport PR for |
2 participants
Describe the changes in the pull request
Migrate all JavaScript-based GitHub Actions in
.github/workflows/to versions running on the Node 24 runtime, ahead of the June 2, 2026 Node 20 deprecation.Version bumps:
actions/checkoutv4v6actions/setup-pythonv5v6actions/upload-artifactv4v7aws-actions/configure-aws-credentialsv4v6machulav/ec2-github-runnerv2.4.2v2.6.1codecov/codecov-actionv4v6github/codeql-action/*v3v4korthout/backport-actionv3v4release-drafter/release-drafterv6v7slackapi/slack-github-actionv1v3slackapi/slack-github-actionv1 → v3 inevent-nightly.ymlrequires an API change: theSLACK_WEBHOOK_URLenv var is replaced by explicitwebhookandwebhook-type: incoming-webhookaction inputs.rojopolis/spellcheck-github-actions@v0is left as-is (Docker-based action, not Node-based).Which issues this PR fixes
Main objects this PR modified
.github/workflows/arm.yml.github/workflows/benchmark-runner.yml.github/workflows/codeql-analysis.yml.github/workflows/coverage.yml.github/workflows/event-nightly.yml.github/workflows/event-pull_request.yml.github/workflows/release-drafter.yml.github/workflows/task-backport_pr.yml.github/workflows/task-unit-test.ymlMark if applicable
Note
Medium Risk
Moderate risk because it upgrades multiple third-party GitHub Actions across CI, including AWS runner lifecycle, CodeQL, and Codecov steps; failures would block builds or leak incomplete artifacts rather than change product behavior.
Overview
Updates CI workflows to use newer, Node 24-compatible versions of key GitHub Actions (e.g.,
actions/checkout,setup-python,upload-artifact, AWS credentials, EC2 runner management, CodeQL, Codecov, Release Drafter, and backport automation).Adjusts the nightly Slack notification step to the
slackapi/slack-github-action@v3input format by passing the webhook viawith.webhook/webhook-typeinstead of the deprecatedSLACK_WEBHOOK_URLenv var.Reviewed by Cursor Bugbot for commit 24736b4. Bugbot is set up for automated code reviews on this repo. Configure here.