[8.4] Bump GitHub Actions to Node 24 compatible versions [MOD-15112] #948
[8.4] Bump GitHub Actions to Node 24 compatible versions [MOD-15112] #948github-actions[bot] wants to merge 1 commit into8.4from
Conversation
[MOD-15112] Bump GitHub Actions to Node 24 compatible versions Migrate all JavaScript-based GitHub Actions to versions running on the Node 24 runtime ahead of the June 2, 2026 Node 20 deprecation. - actions/checkout v4 -> v6 - actions/setup-python v5 -> v6 - actions/upload-artifact v4 -> v7 - aws-actions/configure-aws-credentials v4 -> v6 - machulav/ec2-github-runner v2.4.2 -> v2.6.1 - codecov/codecov-action v4 -> v6 - github/codeql-action/* v3 -> v4 - korthout/backport-action v3 -> v4 - release-drafter/release-drafter v6 -> v7 - slackapi/slack-github-action v1 -> v3 (input-based webhook config) (cherry picked from commit 369f14f)
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 12a1622. Configure here.
| - name: Start EC2 runner | ||
| id: start-ec2-runner | ||
| uses: machulav/ec2-github-runner@v2.4.2 | ||
| uses: machulav/ec2-github-runner@v2.6.1 |
There was a problem hiding this comment.
Non-existent action version referenced for EC2 runner
High Severity
machulav/ec2-github-runner@v2.6.1 does not appear to exist as a published tag or release. The latest available version is v2.5.2. This will cause all workflows using this action (arm, benchmark-runner, and coverage, including their stop-runner jobs) to fail immediately when GitHub Actions attempts to download the action.
Additional Locations (2)
Reviewed by Cursor Bugbot for commit 12a1622. Configure here.
| steps: | ||
| # Drafts your next Release notes as Pull Requests are merged into "master" | ||
| - uses: release-drafter/release-drafter@v6 | ||
| - uses: release-drafter/release-drafter@v7 |
There was a problem hiding this comment.
Stale GITHUB_TOKEN env var ignored by release-drafter v7
Low Severity
release-drafter/release-drafter@v7 replaced the GITHUB_TOKEN environment variable with a token input (which defaults to ${{ github.token }}). The env: GITHUB_TOKEN block on this step is now dead code — the action ignores it. The workflow still functions because the default token value is equivalent, but the env var is misleading.
Reviewed by Cursor Bugbot for commit 12a1622. Configure here.
1 participant
Description
Backport of #947 to
8.4.Note
Medium Risk
Moderate risk because it updates multiple CI workflows’ third-party actions (runner provisioning, CodeQL, Codecov, artifacts, Slack), which can change behavior and potentially break builds or notifications.
Overview
Updates GitHub Actions workflows to Node 24–compatible action versions across CI, coverage, ARM/benchmark self-hosted EC2 runner provisioning, CodeQL, release drafting, and backport automation.
Also updates nightly failure Slack notifications to
slackapi/slack-github-action@v3, switching fromSLACK_WEBHOOK_URLenv usage to explicitwebhook/webhook-typeinputs.Reviewed by Cursor Bugbot for commit 12a1622. Bugbot is set up for automated code reviews on this repo. Configure here.