chore(deps): bump actions/deploy-pages from 4 to 5#39
Conversation
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 4 to 5. - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@v4...v5) --- updated-dependencies: - dependency-name: actions/deploy-pages dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
📝 WalkthroughWalkthroughThe workflow deployment step is updated to use ChangesGitHub Pages Deployment Action Upgrade
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/deploy.yml:
- Line 82: The workflow is using actions/upload-pages-artifact@v5 and
actions/deploy-pages@v5 which have reported issues causing empty/incorrect
deployments; update both usages to a known-good version (recommend using `@v4`) or
pin each action to a specific stable SHA/revision instead of the `@v5` floating
tag, and ensure both upload and deploy actions are moved together (e.g., change
actions/upload-pages-artifact and actions/deploy-pages references to the same
stable `@v4` tag or specific commit SHAs) to prevent mismatched versions and
optionally add SHA pinning for security.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 28de1a48-9237-41bd-b2ef-84acaab50c66
📒 Files selected for processing (1)
.github/workflows/deploy.yml
| - name: Deploy to GitHub Pages | ||
| id: deployment | ||
| uses: actions/deploy-pages@v4 | ||
| uses: actions/deploy-pages@v5 |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
actions/deploy-pages v5 breaking changes and latest version
💡 Result:
The latest version of actions/deploy-pages as of June 4, 2026, is v5.0.0, released on March 25, 2026 [1][2]. Regarding breaking changes and stability: - Nature of Changes: The v5.0.0 release primarily focused on updating the Node.js runtime to version 24.x [1][2]. It also included various maintenance updates, dependency bumps, and improvements to the release process (e.g., publishing to immutable action packages) [1][2]. - Reported Compatibility Issues: Following its release, some users have reported potential compatibility issues, specifically when used in conjunction with actions/upload-pages-artifact v5.0.0 [3]. Reports indicate that in certain production workflows, these versions resulted in successful deployment runs that served incorrect or empty content [3]. - Mitigation: Due to these reported issues, some projects—such as Azure's awesome-azd repository—have rolled back their production workflows to use v4 [3][4]. If you experience issues after upgrading to v5, it is recommended to revert both actions/deploy-pages and actions/upload-pages-artifact to their respective v4 versions, as they are intended to be used together [3]. - Best Practices: It is highly recommended to pin your actions to specific, immutable commit SHAs in production environments rather than relying on major version tags, which can protect your deployment pipeline from unexpected changes [3]. Always perform a deployment test when upgrading core infrastructure components [3].
Citations:
- 1: https://github.com/actions/deploy-pages/releases/tag/v5.0.0
- 2: https://github.com/actions/deploy-pages/releases
- 3: https://en.ittrip.xyz/tool/github-actions-pages-v5
- 4: Revert Pages actions v4->v5 in release.yml to fix broken prod deploy Azure/awesome-azd#883
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/deploy.yml"
echo "=== Deploy workflow actions (lines around uses:) ==="
# show only relevant action uses lines to identify upload-pages-artifact version
rg -n "uses:\s*actions/(deploy-pages|upload-pages-artifact)@" "$FILE" || true
echo
echo "=== Context around deploy-pages@... ==="
rg -n -C 3 "uses:\s*actions/deploy-pages@" "$FILE" || true
echo
echo "=== Context around upload-pages-artifact@... ==="
rg -n -C 3 "uses:\s*actions/upload-pages-artifact@" "$FILE" || trueRepository: OpenDevFlow/md-latex
Length of output: 669
🌐 Web query:
actions/deploy-pages latest v5.x release notes upload-pages-artifact v5 compatibility fix
💡 Result:
The v5.x releases of the GitHub Pages actions were issued to modernize the environment, specifically targeting Node.js 24 compatibility and artifact upload improvements [1][2]. actions/deploy-pages v5.0.0 Released on March 25, 2026, this version primarily updated the action's execution environment to Node.js 24 [1]. It includes various maintenance updates and internal improvements but does not contain major breaking changes to the core deployment logic [1][3]. actions/upload-pages-artifact v5.0.0 Released on April 10, 2026, this version introduced a critical update to use actions/upload-artifact@v7 [2]. This change was necessary to resolve issues with the Node.js punycode deprecation warnings and to improve general artifact handling [4]. The release also added a new input, include-hidden-files [2]. Compatibility and Known Issues While these versions are intended to be the latest standards, some users have reported production deployment issues when migrating to v5, such as serving incorrect content or empty artifacts [5]. In some cases, repositories have reverted to v4 to maintain stability while these issues are investigated [6][5]. If you experience issues, ensure that both actions are updated together, as mixing versions can lead to compatibility problems between the artifact upload and deployment steps [5]. Additionally, ensure your workflow configuration is compatible with the new input options in v5.0.0 [5].
Citations:
- 1: https://github.com/actions/deploy-pages/releases/tag/v5.0.0
- 2: https://github.com/actions/upload-pages-artifact/releases/tag/v5.0.0
- 3: actions/deploy-pages@v4...v5
- 4: Please publish a new release tag with current main (includes upload-artifact@v7 + punycode fix) actions/upload-pages-artifact#142
- 5: https://en.ittrip.xyz/tool/github-actions-pages-v5
- 6: Revert Pages actions v4->v5 in release.yml to fix broken prod deploy Azure/awesome-azd#883
🌐 Web query:
actions/upload-pages-artifact v5 release notes incorrect empty content when used with deploy-pages v5.0.0
💡 Result:
Reports indicate that users upgrading to actions/upload-pages-artifact v5.0.0 and actions/deploy-pages v5.0.0 have experienced issues where GitHub Pages deployments appear successful in workflow logs but result in empty, incorrect, or stale content on the live site [1]. This behavior has been documented in technical community reports, where users observed that even though the CI pipeline reported a successful deployment, the production site served unexpected files (such as a raw README.md instead of a rendered site) [1]. In some instances, this led teams to revert both actions to version 4 to restore functional deployments [1][2]. While there are no official release notes specifically detailing an "empty content" bug, the version 5 releases introduced significant dependency changes: - actions/upload-pages-artifact v5.0.0 updated its underlying upload-artifact dependency to version 7 [3][4]. - actions/deploy-pages v5.0.0 included updates to Node.js 24 and other maintenance changes [5]. The incompatibility between the artifacts produced by the upgraded upload action and those consumed by the deploy action is the suspected cause of these deployment failures [1]. If you are encountering this issue, the recommended mitigation documented by affected users is to roll back both actions to their previous stable versions (v4) until a verified fix is available [1][2].
Citations:
- 1: https://en.ittrip.xyz/tool/github-actions-pages-v5
- 2: Revert Pages actions v4->v5 in release.yml to fix broken prod deploy Azure/awesome-azd#883
- 3: https://github.com/actions/upload-pages-artifact/releases/tag/v5.0.0
- 4: actions/upload-pages-artifact@v4...v5
- 5: https://github.com/actions/deploy-pages/releases/tag/v5.0.0
Check Pages action v5 compatibility (possible empty/incorrect deployments)
This workflow uses actions/upload-pages-artifact@v5 (line 69) together with actions/deploy-pages@v5 (line 82). Reported issues for the v5.0.0 pair include successful workflow runs that deploy empty/incorrect/stale content; the suggested mitigation is rolling back both actions to v4 (or pinning to a known-good revision) until the issue is resolved.
Also, @v5 remains unpinned (SHA pinning is a best-practice security hardening; optional unless repo policy requires it).
🧰 Tools
🪛 zizmor (1.25.2)
[error] 82-82: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/deploy.yml at line 82, The workflow is using
actions/upload-pages-artifact@v5 and actions/deploy-pages@v5 which have reported
issues causing empty/incorrect deployments; update both usages to a known-good
version (recommend using `@v4`) or pin each action to a specific stable
SHA/revision instead of the `@v5` floating tag, and ensure both upload and deploy
actions are moved together (e.g., change actions/upload-pages-artifact and
actions/deploy-pages references to the same stable `@v4` tag or specific commit
SHAs) to prevent mismatched versions and optionally add SHA pinning for
security.
Bumps actions/deploy-pages from 4 to 5.
Release notes
Sourced from actions/deploy-pages's releases.
... (truncated)
Commits
cd2ce8fMerge pull request #404 from salmanmkc/node24bbe2a95Update Node.js version to 24.x854d7aaMerge pull request #374 from actions/Jcambass-patch-1306bb81Add workflow file for publishing releases to immutable action packageb742728Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...7273294Bump braces in the npm_and_yarn group across 1 directory963791fMerge pull request #361 from actions/dependabot-friendly51bb29dMake the rebuild dist workflow safer for Dependabot89f3d10Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...bce7355Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Summary by CodeRabbit