-
Notifications
You must be signed in to change notification settings - Fork 0
chore: update all GitHub Actions to latest major versions #4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -35,7 +35,7 @@ jobs: | |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@v6 | ||
| - name: Derive version string | ||
| id: bin_version | ||
| run: echo "bin_version=$(./.version.sh)" >> "$GITHUB_OUTPUT" | ||
|
|
@@ -96,16 +96,16 @@ jobs: | |
| pull-requests: write | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4.2.2 | ||
| uses: actions/checkout@v6 | ||
| - name: Run MegaLinter | ||
| uses: oxsecurity/megalinter@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0 | ||
| uses: oxsecurity/megalinter@8fbdead70d1409964ab3d5afa885e18ee85388bb # v9.4.0 | ||
| env: | ||
| # See https://megalinter.io/configuration and .mega-linter.yml | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| APPLY_FIXES_MODE: commit | ||
| - name: Archive MegaLinter artifacts | ||
| if: ( !env.ACT && ( success() || failure() ) ) | ||
| uses: actions/upload-artifact@v4.6.2 | ||
| uses: actions/upload-artifact@v7 | ||
| with: | ||
| name: MegaLinter artifacts | ||
| path: | | ||
|
|
@@ -122,38 +122,38 @@ jobs: | |
| packages: write | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@v6 | ||
|
|
||
| - name: Login to GHCR | ||
| if: needs.meta.outputs.is_pull_request != 'true' | ||
| uses: docker/login-action@v3 | ||
| uses: docker/login-action@v4 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Login to Docker Hub | ||
| if: needs.meta.outputs.is_pull_request != 'true' | ||
| uses: docker/login-action@v3 | ||
| uses: docker/login-action@v4 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| uses: docker/setup-qemu-action@v4 | ||
| with: | ||
| platforms: all | ||
|
|
||
| - name: Set up Docker Buildx | ||
| id: buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| uses: docker/setup-buildx-action@v4 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🌐 Web query:
💡 Result: The latest version of docker/setup-buildx-action is v4.0.0, released on 2026-03-05. Breaking changes between v3 (v3.12.0) and v4.0.0: - Node.js runtime upgraded to Node 24 (requires GitHub Actions Runner v2.327.1+). - Removed deprecated inputs: config, config-inline (use buildkitd-config and buildkitd-config-inline instead), and install (use BUILDX_BUILDER env var or direct docker buildx commands). - Removed deprecated outputs: flags (use nodes output instead). - Internal changes: Switched to ESM, updated dependencies like Citations:
Review the breaking changes between v3 and v4 to ensure workflow compatibility. The update to
Verify that the workflow does not rely on these removed inputs/outputs and that the GitHub Actions runner version meets the new requirements. 🤖 Prompt for AI Agents |
||
|
|
||
| - name: Available platforms | ||
| run: echo ${{ steps.buildx.outputs.platforms }} | ||
|
|
||
| - name: Docker meta | ||
| id: docker_meta | ||
| uses: docker/metadata-action@v5 | ||
| uses: docker/metadata-action@v6 | ||
| with: | ||
| images: | | ||
| ${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.bin_name }} | ||
|
|
@@ -166,7 +166,7 @@ jobs: | |
| type=semver,pattern={{major}} | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v5 | ||
| uses: docker/build-push-action@v7 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🌐 Web query:
💡 Result: The latest version of docker/build-push-action is v7.1.0, released on 2026-04-10. Citations:
🌐 Web query:
💡 Result: There is no official dedicated migration guide from v5 to v7 for docker/build-push-action. Breaking changes and migration steps must be derived from release notes and changelogs across v5.x, v6.x, and v7.0.0. Key breaking changes in v7.0.0 (released 2026-03-05) from prior versions (including v5 and v6): 1. Node 24 as default runtime - Requires GitHub Actions Runner v2.327.1 or later. Update your runner if using self-hosted, or use GitHub-hosted runners which support it. 2. Removed deprecated environment variables: - DOCKER_BUILD_NO_SUMMARY (use DOCKER_BUILD_SUMMARY=false instead, deprecated earlier in v6.3.0) - DOCKER_BUILD_EXPORT_RETENTION_DAYS 3. Removed legacy export-build tool support for build summary (build record now uses buildx history export since v6.17.0). Other notable changes from v5 to v6/v7 (non-breaking but require awareness): - Switch to ESM (internal, should not affect users). - Dependency bumps: Citations:
Review breaking changes before updating to The upgrade from v5 to v7.1.0 introduces breaking changes:
Ensure your workflow and self-hosted runners (if applicable) are compatible with these changes. Standard workflow inputs remain backward compatible. 🤖 Prompt for AI Agents |
||
| with: | ||
| context: . | ||
| file: ./Dockerfile | ||
|
|
@@ -180,7 +180,7 @@ jobs: | |
|
|
||
| - name: Update Docker Hub description | ||
| if: needs.meta.outputs.is_release == 'true' | ||
| uses: peter-evans/dockerhub-description@v3 | ||
| uses: peter-evans/dockerhub-description@v5 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🌐 Web query:
💡 Result: The latest version of peter-evans/dockerhub-description is v5.0.0, released on 2025-10-01. Breaking changes between v3 and v5 primarily involve runtime updates and dependency changes that require updated GitHub Actions runner versions: - v4.0.0 (from v3.4.2): Updated runtime to Node.js 20, requiring Actions runner v2.308.0 or later. - v5.0.0 (from v4.0.2): Updated runtime to Node.js 24, requiring Actions runner v2.327.1 or later (for self-hosted runners). Also updated Docker Hub auth endpoint from /v2/users/login (deprecated) to /v2/auth/token, switched to native fetch, bumped actions/checkout, actions/setup-node, etc. from v4 to v5. No explicit API/input breaking changes listed in release notes; action inputs appear consistent (e.g., username, password, repository, short-description, readme-filepath, enable-url-completion, image-extensions). Users on older runners may need updates for compatibility. Last repo push was 2026-04-01, but no newer release. Citations:
Verify GitHub Actions runner compatibility with v5.0.0's breaking changes.
Ensure your CI/CD runners meet the new version requirements before merging. 🤖 Prompt for AI Agents |
||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
|
@@ -196,10 +196,10 @@ jobs: | |
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@v6 | ||
|
|
||
| - name: Setup Go | ||
| uses: actions/setup-go@v5.5.0 | ||
| uses: actions/setup-go@v6 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🌐 Web query:
💡 Result: Latest version: v6.4.0 (released 2026-03-30). Breaking changes between v5 and v6: 1) Node.js runtime upgrade for the action: v6 upgrades the action runtime from Node 20 to Node 24. It also notes an action-required requirement that runners be on v2.327.1 or later for compatibility. 2) Enhanced Go toolchain handling: v6 supports reading both go and toolchain directives from go.mod; if the toolchain directive is present, v6 uses that exact version. (V5 did not have this toolchain-directive behavior.) 3) Cache key change for Go modules: v6 changes the default cache key inputs so Go module caching is based on go.mod by default; if you want to use go.sum instead, you must set cache-dependency-path accordingly. 4) Version resolution behavior improvements: v6 documents an updated resolution order (local cache → go-versions repository → direct download from go.dev) and uses the toolchain directive version (when present) as part of version resolution. Citations:
Address breaking changes in Upgrading from v5 to v6.4.0 introduces multiple breaking changes:
Verify your environment meets the runner version requirement and adjust cache configuration if necessary. 🤖 Prompt for AI Agents |
||
| with: | ||
| go-version: stable | ||
| - name: Go version | ||
|
|
@@ -225,7 +225,7 @@ jobs: | |
| cp ./*.deb ./gh-release/ | ||
| find . -name '${{ needs.meta.outputs.bin_name }}-*' -executable -type f -maxdepth 1 -print0 | xargs -0 -I {} tar --transform='flags=r;s|.*|${{ needs.meta.outputs.bin_name }}|' -czvf ./gh-release/{}.tar.gz {} | ||
| - name: Upload binaries & packages | ||
| uses: actions/upload-artifact@v4 | ||
| uses: actions/upload-artifact@v7 | ||
| with: | ||
| name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts | ||
| path: out/gh-release/* | ||
|
|
@@ -241,15 +241,15 @@ jobs: | |
| contents: write | ||
| steps: | ||
| - name: Download binaries & packages | ||
| uses: actions/download-artifact@v4 | ||
| uses: actions/download-artifact@v8 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🌐 Web query:
💡 Result: Latest version (as of 2026-04-27): actions/download-artifact@v8.0.1. Breaking changes between v4 and v8: 1) v4 -> v8 are incompatible with each other’s artifact formats: artifacts created with versions v3 and below are not compatible with v4 actions (so upgrading only download may break). This is explicitly called out in the v4 release notes. 2) ESM migration (breaking/behavior change for forks): v8 migrates to an ESM module; callers should be unaffected, but forks might need significant changes. 3) Hash/digest mismatch enforcement (breaking): in v8, hash mismatches now error by default (previously they were warnings). You can override via the digest-mismatch parameter. 4) “Direct downloads” / decompression behavior change (breaking): v8 will check Content-Type before attempting to unzip downloaded content; it skips non-zipped files. A new skip-decompress parameter was added to control downloading zipped files “as-is”. Citations:
🏁 Script executed: cat -n .github/workflows/main.yml | sed -n '240,250p'Repository: cdzombak/gallerygen Length of output: 457 🏁 Script executed: cat -n .github/workflows/main.yml | sed -n '279,289p'Repository: cdzombak/gallerygen Length of output: 493 🌐 Web query:
💡 Result: There are no breaking changes to the 'name' parameter itself between actions/download-artifact v4 and v8. The 'name' input remains optional, used to specify the artifact name to download (or all artifacts if unspecified), with the same description and behavior in both versions. Key v8 changes (released Feb 2026) are: - Default digest mismatch behavior changed to 'error' (new 'digest-mismatch' input: ignore/info/warn/error). - Skips unzipping non-zipped files based on Content-Type (to support upload-artifact direct uploads); new 'skip-decompress' input to download zips as-is. - Migrated to ESM module (transparent to users). Earlier changes (v5, 2025): Fixed path for single artifact by ID to be direct (not nested), but does not affect 'name'. The 'name' parameter is fully compatible. Workflows using 'name' in v4 will work unchanged in v8, except potential impacts from new defaults if hash mismatches occur or non-zipped artifacts are downloaded. Citations:
The
Verify the artifacts produced by the upload step don't trigger either scenario. 🤖 Prompt for AI Agents |
||
| with: | ||
| name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts | ||
| path: out | ||
| - name: List artifacts | ||
| working-directory: out | ||
| run: ls -R | ||
| - name: Create GitHub release | ||
| uses: softprops/action-gh-release@v2 | ||
| uses: softprops/action-gh-release@v3 | ||
| with: | ||
| files: out/${{ needs.meta.outputs.bin_name }}-* | ||
| prerelease: ${{ needs.meta.outputs.is_prerelease == 'true' }} | ||
|
|
@@ -265,9 +265,9 @@ jobs: | |
| contents: write | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| uses: actions/checkout@v6 | ||
| - name: Update running major/minor version tags | ||
| uses: sersoft-gmbh/running-release-tags-action@v3 | ||
| uses: sersoft-gmbh/running-release-tags-action@v4 | ||
| with: | ||
| fail-on-non-semver-tag: true | ||
| create-release: false | ||
|
|
@@ -280,7 +280,7 @@ jobs: | |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Download binaries & packages | ||
| uses: actions/download-artifact@v4 | ||
| uses: actions/download-artifact@v8 | ||
| with: | ||
| name: ${{ needs.meta.outputs.bin_name }} Binary Artifacts | ||
| path: out | ||
|
|
@@ -289,7 +289,7 @@ jobs: | |
| working-directory: out | ||
|
|
||
| - name: Login to Tailscale | ||
| uses: tailscale/github-action@v3 | ||
| uses: tailscale/github-action@v4 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🌐 Web query:
💡 Result: Latest version (as of 2026-04-27): tailscale/github-action v4.1.2. Breaking changes between v3 and v4: 1) Action implementation/runtime changed: v4 is a TypeScript-based GitHub Action (not the prior bash-based runner). This also means the action requires runners capable of installing Node.js 24. 2) New/changed behavior at workflow end: v4 automatically runs tailscale logout when the workflow completes (enabled by default), which was not available in bash-based actions. 3) New functionality: v4 adds a ping input/parameter to block the workflow until connectivity and DNS resolution for specified tailnet devices is ready. 4) Caching behavior: v4 enables binary caching by default (speed/reliability improvement vs the bash-based implementation). Citations:
Verify tailscale/github-action v4 breaking changes and compatibility. v4.1.2 exists (confirmed). Review these breaking changes:
Ensure your workflow and runners support Node.js 24 and review whether automatic logout and caching changes affect your use case. 🤖 Prompt for AI Agents |
||
| with: | ||
| oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} | ||
| oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} | ||
|
|
@@ -325,7 +325,7 @@ jobs: | |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Release to ${{ needs.meta.outputs.brewtap_owner }}/${{ needs.meta.outputs.brewtap_name }} tap | ||
| uses: Justintime50/homebrew-releaser@ae8677299789c63078cc7952583734336eced9e1 | ||
| uses: Justintime50/homebrew-releaser@a62d7a359683bfc047cdb2431f53ee58241464d1 # v3.3.0 | ||
| with: | ||
| homebrew_owner: ${{ needs.meta.outputs.brewtap_owner }} | ||
| homebrew_tap: homebrew-${{ needs.meta.outputs.brewtap_name }} | ||
|
|
@@ -349,7 +349,7 @@ jobs: | |
| needs: [meta, docker, binaries, release, aptly, homebrew] | ||
| steps: | ||
| - name: Send success notification | ||
| uses: niniyas/ntfy-action@9c6dc60073292f562769f83df2ace9f64ab31c78 | ||
| uses: niniyas/ntfy-action@2ebc39afb288e8b01804a6ec1be0db2e7a458387 # V1.0.5 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
# Verify ntfy-action SHA matches the v1.0.5 tag
git clone --depth 1 --branch v1.0.5 https://github.com/niniyas/ntfy-action.git /tmp/ntfy-action 2>/dev/null
cd /tmp/ntfy-action
git rev-parse HEADRepository: cdzombak/gallerygen Length of output: 189 SHA for ntfy-action does not match v1.0.5 release tag. The workflow file pins 🤖 Prompt for AI Agents
Owner
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Manually confirmed that this PR is correct: https://github.com/NiNiyas/ntfy-action/releases/tag/V1.0.5 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
✏️ Learnings added
|
||
| if: ${{ !contains(needs.*.result, 'failure') && (needs.meta.outputs.is_release == 'true' || needs.meta.outputs.is_prerelease == 'true') }} | ||
| with: | ||
| url: "https://ntfy.cdzombak.net" | ||
|
|
@@ -360,7 +360,7 @@ jobs: | |
| title: ${{ github.event.repository.name }} ${{ needs.meta.outputs.bin_version }} available | ||
| details: ${{ github.event.repository.name }} version ${{ needs.meta.outputs.bin_version }} is now available. | ||
| - name: Send failure notification | ||
| uses: niniyas/ntfy-action@9c6dc60073292f562769f83df2ace9f64ab31c78 | ||
| uses: niniyas/ntfy-action@2ebc39afb288e8b01804a6ec1be0db2e7a458387 # V1.0.5 | ||
| if: ${{ contains(needs.*.result, 'failure') }} | ||
| with: | ||
| url: "https://ntfy.cdzombak.net" | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
🌐 Web query:
What is the latest version of docker/setup-qemu-action and what breaking changes exist between v3 and v4?💡 Result:
The latest version of docker/setup-qemu-action is v4.0.0, released on 2026-03-04. Breaking changes between v3 (latest v3.7.0) and v4: - Node.js runtime changed from 20 to 24 (requires GitHub Actions runner v2.327.1+) - Switched to ESM (ECMAScript Modules) - Updated
@actions/coreto ^3.0.0 (major version bump, potential API changes but action updated successfully) - Updated@docker/actions-toolkitto ^0.77.0 - Other dependency updates and internal tooling changes (eslint, vitest, etc.) No explicit migration guide found; changes are primarily internal with no documented user-facing API alterations. Usage remains the same: uses: docker/setup-qemu-action@v4. Ensure runner supports Node 24.Citations:
docker/setup-qemu-action@v4.0.0 requires GitHub Actions runners with Node.js 24 support.
The upgrade to v4.0.0 changes the Node.js runtime from 20 to 24, requiring GitHub Actions runner v2.327.1 or later. Verify that your runner configuration meets this requirement, or pin to v3.7.0 if upgrading the runner is not feasible.
🤖 Prompt for AI Agents