Skip to content

Upgrade actions to latest#16

Merged
Ryiguchi merged 8 commits into
mainfrom
upgrade-actions-to-latest
Jun 26, 2026
Merged

Upgrade actions to latest#16
Ryiguchi merged 8 commits into
mainfrom
upgrade-actions-to-latest

Conversation

@Ryiguchi

Copy link
Copy Markdown
Contributor

No description provided.

Ryiguchi and others added 8 commits June 26, 2026 11:18
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Keep explicit cache: on CI steps (v6 limits auto-cache to npm only, so
pnpm/yarn need the explicit input). Add package-manager-cache: false to
the act-only steps to preserve their deliberate no-cache behavior under act.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…o v9.0.0

Both are SHA-only bumps for our usage:
- cache: v5 moved to node24, v6 is an internal ESM migration; our path/key
  usage is unaffected.
- github-script: v9's breaking changes are all @actions/github / getOctokit
  related; our script only uses the os/path Node built-ins.

Note: cache v6.0.0 released ~3 days ago — holding off merge a day to clear
the 3-day release-age policy.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- docker/login-action v3.7.0 -> v4.2.0
- docker/setup-buildx-action v3.12.0 -> v4.1.0
- docker/build-push-action v5.4.0 -> v7.2.0

All SHA-only for our usage. build-push v6+ auto-adds a Build Summary panel
to the run page (kept on by default); our image-tag output plumbing via
$GITHUB_OUTPUT is unaffected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- 1password/install-cli-action v1.0.0 -> v4.0.0
- 1password/load-secrets-action/configure v2.0.0 -> v4.0.1

SHA-only for our usage: we install the CLI and use the /configure subpath
to set up auth via OP_SERVICE_ACCOUNT_TOKEN; we don't use the secret-export
path that changed in v3/v4.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…n default

v4+ errors on a mismatch between the version input and the packageManager
field in package.json. Remove the stale default: "8" so packageManager is
the single source of truth when pnpm_version isn't passed; kept the input
optional (required: false) since npm/bun consumers don't use it.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Base action and /preview subpath v8.2.1 -> v9.0.0. Only breaking change is
the Node 24 tooling bump (runner floor satisfied on hosted runners).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Only change is the Node 24 runtime bump; our url/max-attempts/retry inputs
are unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 26, 2026 10:35

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates multiple GitHub Actions workflows and composite actions to newer upstream action versions, primarily to keep CI tooling current and pick up upstream fixes/security improvements.

Changes:

  • Bumped pinned SHAs for several commonly used actions (checkout, setup-node, cache, pnpm setup, 1Password, Docker actions, Expo actions).
  • Adjusted pnpm_version input docs in test-in-parallel to rely on packageManager from package.json rather than a fixed default.
  • Added package-manager-cache: false for actions/setup-node when running under ACT.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
workflows/test-in-parallel.yml Upgrades checkout/setup-node/pnpm/1Password actions; changes pnpm_version input behavior/docs
workflows/expo-publish-pr.yml Upgrades checkout/cache/github-script/expo/1Password actions
actions/healthcheck/action.yml Upgrades url-health-check action v4 → v5
actions/docker-build/action.yml Upgrades Docker login/buildx/build-push actions to newer versions
.github/workflows/validate-yaml.yml Upgrades checkout action version used by lint workflows
.github/workflows/validate-plugins.yml Upgrades checkout action version used by plugin validation workflow

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines 30 to +33
pnpm_version:
required: false
type: string
default: "8"
description: If using pnpm - which version to use
description: If using pnpm - which version to use (defaults to the packageManager field in package.json)
Comment thread workflows/test-in-parallel.yml
Comment thread workflows/expo-publish-pr.yml
Comment thread workflows/expo-publish-pr.yml
@Ryiguchi Ryiguchi merged commit 2f1c0a4 into main Jun 26, 2026
5 checks passed
@Ryiguchi Ryiguchi deleted the upgrade-actions-to-latest branch June 26, 2026 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants