chore: update GitHub Actions to latest versions, add commit linting, and configure native GitHub changelog generation#413
Closed
SuperCoolPencil wants to merge 2 commits into
Closed
chore: update GitHub Actions to latest versions, add commit linting, and configure native GitHub changelog generation#413SuperCoolPencil wants to merge 2 commits into
SuperCoolPencil wants to merge 2 commits into
Conversation
…and configure native GitHub changelog generation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
…ntain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Comment on lines
57
to
+81
| @@ -76,15 +76,15 @@ jobs: | |||
| if: startsWith(github.ref, 'refs/tags/ext-v') | |||
| runs-on: ubuntu-latest | |||
| steps: | |||
| - uses: actions/checkout@v4 | |||
| - uses: actions/checkout@v6 | |||
| - name: Download all artifacts | |||
| uses: actions/download-artifact@v4 | |||
| uses: actions/download-artifact@v8 | |||
Contributor
There was a problem hiding this comment.
The build job uploads with actions/upload-artifact@v7 while the release job downloads with actions/download-artifact@v8. These two actions use a shared internal artifact format, and different major versions are not guaranteed to be cross-compatible — a v7-produced artifact may not be correctly read by the v8 client, causing the release job to fail silently or error out on ext-v* tag pushes.
Both actions should be pinned to the same major version. Either downgrade the download to @v7 or upgrade the upload to @v8.
Suggested change
| uses: actions/upload-artifact@v8 |
Prompt To Fix With AI
This is a comment left during a code review.
Path: .github/workflows/extension.yml
Line: 57-81
Comment:
**upload-artifact/download-artifact major-version mismatch**
The `build` job uploads with `actions/upload-artifact@v7` while the `release` job downloads with `actions/download-artifact@v8`. These two actions use a shared internal artifact format, and different major versions are not guaranteed to be cross-compatible — a v7-produced artifact may not be correctly read by the v8 client, causing the release job to fail silently or error out on `ext-v*` tag pushes.
Both actions should be pinned to the same major version. Either downgrade the download to `@v7` or upgrade the upload to `@v8`.
```suggestion
uses: actions/upload-artifact@v8
```
How can I resolve this? If you propose a fix, please make it concise.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Greptile Summary
This PR bumps all GitHub Actions to their latest major versions across 8 workflow files, introduces a new conventional-commits linting workflow, and switches changelog generation to GitHub's native system (backed by a new
.github/release.ymllabel-based config andgoreleaser'suse: github-native).extension.yml:actions/upload-artifact@v7(build job) andactions/download-artifact@v8(release job) are on different major versions; they share an artifact format contract that may break across majors, causing theext-v*release job to fail when downloading artifacts.Confidence Score: 4/5
Safe to merge after fixing the upload/download-artifact version mismatch, which would silently break extension releases.
One P1 finding: the upload-artifact@v7 / download-artifact@v8 mismatch in the connected build→release jobs in extension.yml will cause the release pipeline to fail on ext-v* tag pushes. All other changes are straightforward action version bumps that look correct.
.github/workflows/extension.yml — verify upload-artifact and download-artifact are on the same major version.
Important Files Changed
Prompt To Fix All With AI
Reviews (1): Last reviewed commit: "Potential fix for pull request finding '..." | Re-trigger Greptile