Upgrade actions to latest#16
Merged
Merged
Conversation
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Keep explicit cache: on CI steps (v6 limits auto-cache to npm only, so pnpm/yarn need the explicit input). Add package-manager-cache: false to the act-only steps to preserve their deliberate no-cache behavior under act. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…o v9.0.0 Both are SHA-only bumps for our usage: - cache: v5 moved to node24, v6 is an internal ESM migration; our path/key usage is unaffected. - github-script: v9's breaking changes are all @actions/github / getOctokit related; our script only uses the os/path Node built-ins. Note: cache v6.0.0 released ~3 days ago — holding off merge a day to clear the 3-day release-age policy. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- docker/login-action v3.7.0 -> v4.2.0 - docker/setup-buildx-action v3.12.0 -> v4.1.0 - docker/build-push-action v5.4.0 -> v7.2.0 All SHA-only for our usage. build-push v6+ auto-adds a Build Summary panel to the run page (kept on by default); our image-tag output plumbing via $GITHUB_OUTPUT is unaffected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- 1password/install-cli-action v1.0.0 -> v4.0.0 - 1password/load-secrets-action/configure v2.0.0 -> v4.0.1 SHA-only for our usage: we install the CLI and use the /configure subpath to set up auth via OP_SERVICE_ACCOUNT_TOKEN; we don't use the secret-export path that changed in v3/v4. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…n default v4+ errors on a mismatch between the version input and the packageManager field in package.json. Remove the stale default: "8" so packageManager is the single source of truth when pnpm_version isn't passed; kept the input optional (required: false) since npm/bun consumers don't use it. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Base action and /preview subpath v8.2.1 -> v9.0.0. Only breaking change is the Node 24 tooling bump (runner floor satisfied on hosted runners). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Only change is the Node 24 runtime bump; our url/max-attempts/retry inputs are unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Updates multiple GitHub Actions workflows and composite actions to newer upstream action versions, primarily to keep CI tooling current and pick up upstream fixes/security improvements.
Changes:
- Bumped pinned SHAs for several commonly used actions (checkout, setup-node, cache, pnpm setup, 1Password, Docker actions, Expo actions).
- Adjusted
pnpm_versioninput docs intest-in-parallelto rely onpackageManagerfrompackage.jsonrather than a fixed default. - Added
package-manager-cache: falseforactions/setup-nodewhen running underACT.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| workflows/test-in-parallel.yml | Upgrades checkout/setup-node/pnpm/1Password actions; changes pnpm_version input behavior/docs |
| workflows/expo-publish-pr.yml | Upgrades checkout/cache/github-script/expo/1Password actions |
| actions/healthcheck/action.yml | Upgrades url-health-check action v4 → v5 |
| actions/docker-build/action.yml | Upgrades Docker login/buildx/build-push actions to newer versions |
| .github/workflows/validate-yaml.yml | Upgrades checkout action version used by lint workflows |
| .github/workflows/validate-plugins.yml | Upgrades checkout action version used by plugin validation workflow |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
30
to
+33
| pnpm_version: | ||
| required: false | ||
| type: string | ||
| default: "8" | ||
| description: If using pnpm - which version to use | ||
| description: If using pnpm - which version to use (defaults to the packageManager field in package.json) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.