From 7f6b9302e1bdcfa2164aae939637e7802277a65c Mon Sep 17 00:00:00 2001 From: Alexander Amiri Date: Thu, 12 Mar 2026 16:31:50 +0100 Subject: [PATCH] Upgrade GitHub Actions to Node 24 compatible versions | Action | Old | New | |--------|-----|-----| | actions/checkout | v5 | v6 | | aws-actions/configure-aws-credentials | v5 | v6 | | actions/upload-artifact | v6 | v7 | | actions/download-artifact | v5 | v8 | | actions/create-github-app-token | v1 | v2 | Fixes Node.js 20 deprecation warnings. Deadline is June 2, 2026. --- .github/workflows/approve-override.yml | 4 ++-- .github/workflows/build-jvm.yml | 4 ++-- .github/workflows/build-ts.yml | 2 +- .github/workflows/detect.yml | 2 +- .github/workflows/docker-build.yml | 4 ++-- .github/workflows/eb-deploy.yml | 4 ++-- .github/workflows/ecs-deploy.yml | 6 +++--- .github/workflows/expand-terraform.yml | 6 +++--- .github/workflows/platform-ci.yml | 16 ++++++++-------- .github/workflows/tf-apply.yml | 8 ++++---- .github/workflows/tf-plan.yml | 8 ++++---- 11 files changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/approve-override.yml b/.github/workflows/approve-override.yml index b8eeba3..2ee8d53 100644 --- a/.github/workflows/approve-override.yml +++ b/.github/workflows/approve-override.yml @@ -37,12 +37,12 @@ jobs: runs-on: ubuntu-latest environment: override-approval steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: sparse-checkout: scripts - name: Configure AWS credentials via OIDC - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/javabin-ci-override-approver aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/build-jvm.yml b/.github/workflows/build-jvm.yml index fb62d5c..d367001 100644 --- a/.github/workflows/build-jvm.yml +++ b/.github/workflows/build-jvm.yml @@ -16,7 +16,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: actions/setup-java@v4 with: @@ -29,7 +29,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: test-results path: "**/target/surefire-reports/*.xml" diff --git a/.github/workflows/build-ts.yml b/.github/workflows/build-ts.yml index c03e08d..a6ed74e 100644 --- a/.github/workflows/build-ts.yml +++ b/.github/workflows/build-ts.yml @@ -16,7 +16,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/detect.yml b/.github/workflows/detect.yml index 20bfccd..14e156d 100644 --- a/.github/workflows/detect.yml +++ b/.github/workflows/detect.yml @@ -41,7 +41,7 @@ jobs: has_cdk: ${{ steps.check.outputs.has_cdk }} app_name: ${{ steps.check.outputs.app_name }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Detect repo contents id: check diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 28127da..2d0fd81 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -38,10 +38,10 @@ jobs: image_uri: ${{ steps.push.outputs.image_uri }} image_tag: ${{ steps.tags.outputs.primary_tag }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Configure AWS credentials via OIDC - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-deploy-${{ github.event.repository.name }} aws-region: ${{ inputs.aws_region }} diff --git a/.github/workflows/eb-deploy.yml b/.github/workflows/eb-deploy.yml index e319f2d..ecec5f7 100644 --- a/.github/workflows/eb-deploy.yml +++ b/.github/workflows/eb-deploy.yml @@ -27,10 +27,10 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Configure AWS credentials via OIDC - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-deploy-${{ github.event.repository.name }} aws-region: ${{ inputs.aws_region }} diff --git a/.github/workflows/ecs-deploy.yml b/.github/workflows/ecs-deploy.yml index c1280cb..9a25b64 100644 --- a/.github/workflows/ecs-deploy.yml +++ b/.github/workflows/ecs-deploy.yml @@ -34,14 +34,14 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.PLATFORM_APP_ID }} private-key: ${{ secrets.PLATFORM_APP_PRIVATE_KEY }} owner: javaBin - name: Checkout platform scripts - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: javaBin/platform token: ${{ steps.app-token.outputs.token }} @@ -50,7 +50,7 @@ jobs: path: .platform - name: Configure AWS credentials via OIDC - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-deploy-${{ github.event.repository.name }} aws-region: ${{ inputs.aws_region }} diff --git a/.github/workflows/expand-terraform.yml b/.github/workflows/expand-terraform.yml index 0fe06bd..7850ff0 100644 --- a/.github/workflows/expand-terraform.yml +++ b/.github/workflows/expand-terraform.yml @@ -27,20 +27,20 @@ jobs: expand: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: ref: ${{ github.ref }} - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.PLATFORM_APP_ID }} private-key: ${{ secrets.PLATFORM_APP_PRIVATE_KEY }} owner: javaBin - name: Checkout platform scripts - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: javaBin/platform token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/platform-ci.yml b/.github/workflows/platform-ci.yml index 51ffe91..60da484 100644 --- a/.github/workflows/platform-ci.yml +++ b/.github/workflows/platform-ci.yml @@ -47,7 +47,7 @@ jobs: plan_sha256: ${{ steps.upload.outputs.plan_sha256 }} risk_level: ${{ steps.review.outputs.risk_level }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: hashicorp/setup-terraform@v4 with: @@ -55,7 +55,7 @@ jobs: terraform_wrapper: false - name: Configure AWS credentials via OIDC - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/javabin-ci-infra-plan aws-region: ${{ env.AWS_REGION }} @@ -84,7 +84,7 @@ jobs: - name: Upload Lambda ZIPs as artifact if: steps.plan.outputs.has_changes == 'true' - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: lambda-zips path: ${{ env.TF_ROOT }}/lambdas/builds/ @@ -131,14 +131,14 @@ jobs: needs.plan.outputs.has_changes == 'true' environment: production steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: hashicorp/setup-terraform@v4 with: terraform_version: "1.7" terraform_wrapper: false - - uses: aws-actions/configure-aws-credentials@v5 + - uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/javabin-ci-infra aws-region: ${{ env.AWS_REGION }} @@ -150,7 +150,7 @@ jobs: run: sh scripts/check-risk-block.sh "$RISK" - name: Download Lambda ZIPs from artifact - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v8 with: name: lambda-zips path: ${{ env.TF_ROOT }}/lambdas/builds/ @@ -179,14 +179,14 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'schedule' steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: hashicorp/setup-terraform@v4 with: terraform_version: "1.7" terraform_wrapper: false - - uses: aws-actions/configure-aws-credentials@v5 + - uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/javabin-ci-infra aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/tf-apply.yml b/.github/workflows/tf-apply.yml index 1489001..afe73b2 100644 --- a/.github/workflows/tf-apply.yml +++ b/.github/workflows/tf-apply.yml @@ -34,7 +34,7 @@ jobs: env: PLAN_BUCKET: javabin-ci-plan-artifacts-${{ inputs.aws_account_id }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: hashicorp/setup-terraform@v4 with: @@ -43,14 +43,14 @@ jobs: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.PLATFORM_APP_ID }} private-key: ${{ secrets.PLATFORM_APP_PRIVATE_KEY }} owner: javaBin - name: Checkout platform scripts - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: javaBin/platform token: ${{ steps.app-token.outputs.token }} @@ -59,7 +59,7 @@ jobs: # Step 1: Lightweight OIDC role — can only invoke gate Lambda + read S3 - name: Configure gate credentials via OIDC - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-apply-gate aws-region: ${{ inputs.aws_region }} diff --git a/.github/workflows/tf-plan.yml b/.github/workflows/tf-plan.yml index f983dde..1f32bb8 100644 --- a/.github/workflows/tf-plan.yml +++ b/.github/workflows/tf-plan.yml @@ -45,7 +45,7 @@ jobs: env: PLAN_BUCKET: javabin-ci-plan-artifacts-${{ inputs.aws_account_id }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: ref: ${{ github.ref }} @@ -55,21 +55,21 @@ jobs: terraform_wrapper: false - name: Configure AWS credentials via OIDC - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::${{ inputs.aws_account_id }}:role/javabin-ci-app-${{ github.event.repository.name }} aws-region: ${{ inputs.aws_region }} - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.PLATFORM_APP_ID }} private-key: ${{ secrets.PLATFORM_APP_PRIVATE_KEY }} owner: javaBin - name: Checkout platform scripts - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: javaBin/platform token: ${{ steps.app-token.outputs.token }}