chore: bump checkout@v2->v4 and setup-python@v1->v5#60
Conversation
Both were forced onto Node 24 with deprecation warnings (Node 20 EOL on GitHub runners). persist-credentials: false is retained so the deploy step keeps using its own token.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ef9cc04549
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| steps: | ||
| - name: Checkout 🛎️ | ||
| uses: actions/checkout@v2 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly. | ||
| uses: actions/checkout@v4 # persist-credentials must be false so the deploy step below uses its own token, not the checkout credentials. |
There was a problem hiding this comment.
Use the Node 24 checkout action
This workflow is being updated to address the Node 20 deprecation, but actions/checkout@v4 still declares runs.using: node20 in its action metadata; the Node 24-compatible release is actions/checkout@v5. In scheduled/master deploy runs this will continue to emit the same Node 20 warning and leaves the checkout step exposed to the planned Node 20 runner removal, so this line should be bumped to actions/checkout@v5 instead.
Useful? React with 👍 / 👎.
|
|
||
| - name: Setup Python | ||
| uses: actions/setup-python@v1 | ||
| uses: actions/setup-python@v5 |
There was a problem hiding this comment.
Use the Node 24 setup-python action
actions/setup-python@v5 also still declares runs.using: node20 in its action metadata; the Node 24-compatible release is actions/setup-python@v6. Since this workflow's Python setup runs on every scheduled/push build, the current bump does not actually remove the Node 20 deprecation exposure for this step, so it should target actions/setup-python@v6.
Useful? React with 👍 / 👎.
Greptile SummaryThis PR updates the Pages workflow action versions. The main changes are:
Confidence Score: 5/5This looks safe to merge after considering a small workflow hardening note.
Important Files Changed
Reviews (1): Last reviewed commit: "chore: bump checkout@v2->v4 and setup-py..." | Re-trigger Greptile |
| steps: | ||
| - name: Checkout 🛎️ | ||
| uses: actions/checkout@v2 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly. | ||
| uses: actions/checkout@v4 # persist-credentials must be false so the deploy step below uses its own token, not the checkout credentials. |
There was a problem hiding this comment.
When checkout@v4 runs with submodules: 'recursive' and persist-credentials: false, the checkout action still performs submodule credential cleanup in its post-job step. If the submodule worktree or .gitmodules state is not available in the shape that cleanup expects, the build and deploy can finish successfully but the workflow can still fail during post-job cleanup.
Both actions were being forced onto Node 24 with deprecation warnings (Node 20 is EOL on GitHub runners). No behavior change;
persist-credentials: falseretained so the deploy step keeps using its own token.