Tedhar/nightly azurite#1869
Merged
Merged
Conversation
GitHub is forcing Actions runners to Node.js 24 on June 16, 2026, which deprecates every action whose action.yml declares `using: node20`. Bumped all official actions to their first Node 24 release: actions/checkout v4 -> v6 actions/cache v4 -> v5 actions/setup-dotnet v4 -> v5 actions/setup-node v4 -> v6 actions/upload-artifact v4 -> v7 actions/download-artifact v4 -> v8 github/codeql-action/init v3 -> v4 github/codeql-action/analyze v3 -> v4 Bumped all SHA-pinned 3rd-party actions to the verified Node 24 SHA of their current `latest` release (preserving the project's policy of pinning 3rd-party actions by commit SHA for security): dorny/paths-filter -> v4.0.1 benchmark-action/github-action-benchmark -> v1.22.1 peaceiris/actions-gh-pages -> v4.1.0 docker/metadata-action -> v6.1.0 docker/setup-qemu-action -> v4.1.0 docker/setup-buildx-action -> v4.1.0 docker/login-action -> v4.2.0 docker/build-push-action -> v7.2.0 azure/setup-helm -> v5.0.0 Each new SHA was verified by inspecting the action.yml at that ref and confirming `using: node24`. Co-authored-by: Copilot <[email protected]>
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request updates several GitHub Actions workflow files to newer major versions (and, for some third-party actions, newer pinned commit SHAs) to keep the CI/CD pipelines current, and also adjusts the Azurite startup command used in nightly Tsavorite tests.
Changes:
- Bumped core Actions across CI/nightly/benchmarking workflows (e.g.,
actions/checkout,actions/setup-dotnet,actions/cache,actions/setup-node, artifact upload/download). - Updated pinned SHAs for several third-party actions (e.g., docker actions, paths-filter, gh-pages deploy, helm setup).
- Updated Azurite invocation in nightly Tsavorite tests to include
--skipApiVersionCheck.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/squash-benchmark-branches.yml | Updates checkout action version used by the branch-squash maintenance workflow. |
| .github/workflows/nightly.yml | Updates checkout/dotnet/node/cache/artifact actions and adjusts Azurite startup flags for nightly tests. |
| .github/workflows/locker.yml | Updates checkout action version used to fetch the locker action repo. |
| .github/workflows/helm-chart.yml | Updates checkout action and bumps pinned SHA for azure/setup-helm. |
| .github/workflows/docker-windows.yml | Updates checkout and bumps pinned SHAs for Docker metadata/login actions. |
| .github/workflows/docker-linux.yml | Updates checkout and bumps pinned SHAs for Docker metadata/qemu/buildx/login/build-push actions. |
| .github/workflows/deploy-website.yml | Updates checkout/setup-node versions and updates pinned SHA for GitHub Pages deploy action. |
| .github/workflows/codeql.yml | Updates checkout/setup-dotnet and CodeQL init/analyze actions to newer major versions. |
| .github/workflows/ci.yml | Broad updates to checkout/dotnet/cache/node/artifact actions (plus pinned SHA bumps for paths-filter). |
| .github/workflows/ci-bdnbenchmark.yml | Updates checkout/dotnet/artifact actions and bumps pinned SHA for github-action-benchmark. |
badrishc
approved these changes
Jun 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates the versions of several GitHub Actions used across multiple workflow files to their latest major versions, with updated pinned commit SHAs for security and stability. The changes affect CI, benchmarking, deployment, CodeQL analysis, and Docker build workflows, ensuring the project uses up-to-date and supported action versions.
CI and Benchmarking Workflows:
actions/checkoutto v6,actions/setup-dotnetto v5,actions/cacheto v5,actions/upload-artifactto v7,actions/download-artifactto v8, andactions/setup-nodeto v6 in.github/workflows/ci.ymland.github/workflows/ci-bdnbenchmark.yml. Also updated third-party actions likedorny/paths-filterandbenchmark-action/github-action-benchmarkto newer pinned SHAs. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17]Deployment and Website Workflows:
actions/checkoutto v6,actions/setup-nodeto v6, andpeaceiris/actions-gh-pagesto a newer pinned SHA in.github/workflows/deploy-website.yml. [1] [2] [3]Code Quality and Security Analysis:
actions/checkoutto v6,actions/setup-dotnetto v5, andgithub/codeql-actionsteps to v4 in.github/workflows/codeql.yml. [1] [2] [3]Docker Build Workflows:
.github/workflows/docker-linux.yml, includingdocker/metadata-action,docker/setup-qemu-action,docker/setup-buildx-action,docker/login-action, anddocker/build-push-action. [1] [2]These updates help maintain security, compatibility, and support for the project's CI/CD pipelines.