Skip to content

Update GitHub actions#635

Merged
marcpaterno merged 3 commits into
masterfrom
update-github-actions
May 12, 2026
Merged

Update GitHub actions#635
marcpaterno merged 3 commits into
masterfrom
update-github-actions

Conversation

@marcpaterno
Copy link
Copy Markdown
Collaborator

@marcpaterno marcpaterno commented May 6, 2026
edited
Loading

Description

The CI is currently complaining about an elderly node version used by some actions, which will begin breaking in June.
This PR updates all the Github actions to the most recent versions.

It also adds (but does not yet enable) a monthly dependabot check for new versions of actions.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

The following checklist will make sure that you are following the code style and
guidelines of the project as described in the
contributing page.

  • I have run bash pre-commit-check and fixed any issues
  • I have added tests that prove my fix is effective or that my feature works
  • I have made corresponding changes to the documentation
  • I have 100% test coverage for my changes (please check this after the CI system has verified the coverage)

marcpaterno added 3 commits May 6, 2026 09:25
@marcpaterno
Update GitHub Actions workflow actions
a203735 
Upgrade GitHub Actions steps across CI workflows to newer supported versions.
Updates checkout, setup-miniconda, paths-filter, cache restore/save, codecov,
and upload-artifact actions in ci-reusable.yml, ci.yml, and nightly.yml.

This also changes from using bare tags (e.g. @4) to exact versions (e.g
@v4.0.1). This is following the best-practices recommendation in the
Github actions documentation at:
https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions.
@marcpaterno
Add Dependabot config for GitHub Actions
496beb5 
Enable monthly grouped Dependabot updates for workflow references and
document the needed repository setting for Dependabot version updates.

This requires manual activation on the repository web site before it
will take effect.
@marcpaterno
Fix YAML indendentation errors
63269e2
@codecov
Copy link
Copy Markdown

codecov Bot commented May 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.0%. Comparing base (9795d7c) to head (63269e2).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #635   +/-   ##
=======================================
  Coverage   100.0%   100.0%           
=======================================
  Files         151      151           
  Lines        9057     9057           
  Branches     1035     1035           
=======================================
  Hits         9057     9057
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@marcpaterno marcpaterno marked this pull request as ready for review May 6, 2026 16:09
@marcpaterno marcpaterno requested review from Copilot and vitenti May 6, 2026 16:09
Copilot AI reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository’s GitHub Actions references to newer releases to avoid upcoming CI breakages due to deprecated Node runtimes in older action versions, and adds a Dependabot configuration to automate future GitHub Actions version bumps.

Changes:

  • Bumped versions for core CI actions (checkout, upload-artifact, cache restore/save, paths-filter, setup-miniconda, codecov) across CI workflows.
  • Added a Dependabot configuration to group GitHub Actions updates into a single monthly PR (requires enabling Dependabot version updates in repo settings).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
.github/workflows/nightly.yml Updates action versions used by the scheduled nightly and drift-rebuild jobs.
.github/workflows/ci.yml Updates action versions used by the PR-entry workflow and drift canary job.
.github/workflows/ci-reusable.yml Updates action versions used by the reusable CI pipeline (validation, caching, coverage upload).
.github/dependabot.yml Adds monthly grouped Dependabot updates for GitHub Actions.

@marcpaterno marcpaterno merged commit 1f5fcea into master May 12, 2026
19 checks passed
@marcpaterno marcpaterno deleted the update-github-actions branch May 12, 2026 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@vitenti vitenti Awaiting requested review from vitenti

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marcpaterno @vitenti