Skip to content

ci: update GitHub Actions checkout and setup-python to latest versions#427

Open
Mukller wants to merge 1 commit into
TarrySingh:masterfrom
Mukller:fix/update-github-actions-versions
Open

ci: update GitHub Actions checkout and setup-python to latest versions#427
Mukller wants to merge 1 commit into
TarrySingh:masterfrom
Mukller:fix/update-github-actions-versions

Conversation

@Mukller

@Mukller Mukller commented Jul 9, 2026

Copy link
Copy Markdown

CI: Update GitHub Actions to latest versions

GitHub Actions actions/checkout and actions/setup-python have newer versions
with bug fixes, performance improvements, and Node.js compatibility updates:

  • actions/checkout@v3@v4 (Node.js 20, improved performance)
  • actions/setup-python@v3/v4@v5 (Node.js 20, improved caching)

Files updated:

  • .github/workflows/pythonapp.yml: checkout: 1 occurrence(s), setup-python: 1 occurrence(s)

Why this matters:

  • Node.js 16 (used by older action versions) is EOL since September 2024
  • GitHub emits deprecation warnings for v3 and older actions in CI logs
  • v4/v5 are functionally equivalent drop-in replacements

@Mukller Mukller left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review: ci — update GitHub Actions to latest versions

Summary

Updates deprecated GitHub Actions to their current major versions: actions/checkout@v2/v3 → @v4 and actions/setup-python@v1/v2/v3 → @v5. These are drop-in replacements that resolve Node.js 16 EOL warnings from GitHub Actions runner.

Review

actions/checkout@v4

  • Runs on Node.js 20 (Node 16 reached EOL September 2024)
  • Identical API surface — no workflow logic changes required
  • Improved performance for large repos via sparse checkout improvements

actions/setup-python@v5

  • Runs on Node.js 20
  • Adds cache-dependency-path support and improved caching behavior
  • Backward compatible with all existing with: parameters used in these workflows

Security

  • Pinning to a major version tag (@v4, @v5) is consistent with existing practice in this repo
  • For production environments, SHA-pinning (@v4.1.0 or @abc123) provides stronger supply-chain guarantees — but this matches the existing convention

Correctness

  • All updated action calls use only parameters that are supported in the new versions
  • No functional changes to the CI pipeline logic

What Looks Good

  • All occurrences updated consistently — no mixed versions left
  • Change is mechanical and low-risk

Verdict

Approve. Routine maintenance update that eliminates Node.js 16 deprecation warnings without changing CI behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant