[CI] Update workflow action SHAs to latest releases#15544
Open
[CI] Update workflow action SHAs to latest releases#15544
Conversation
…ce83dd) Co-authored-by: radical <1472+radical@users.noreply.github.com> Agent-Logs-Url: https://github.com/microsoft/aspire/sessions/9a19a0dd-4765-4392-9a1b-041f62e2028b
Copilot created this pull request from a session on behalf of
radical
March 24, 2026 20:00
View session
Contributor
|
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 15544Or
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 15544" |
radical
changed the title
radical
added
the
area-engineering-systems
Update actions/setup-dotnet, actions/setup-node, and actions/upload-artifact to their latest released SHA-pinned versions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Update the remaining actions/setup-dotnet and actions/upload-artifact pins in .github/actions/enumerate-tests/action.yml to the latest released SHA-pinned versions used elsewhere in the repo. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
radical
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Updates GitHub Actions workflow dependencies to newer, SHA-pinned action revisions to address Node runtime deprecation warnings and keep CI infrastructure up to date.
Changes:
- Pin
actions/checkout,actions/setup-dotnet, andactions/setup-nodeto updated commit SHAs in affected workflows. - Update artifact handling actions (
actions/upload-artifact,actions/download-artifact) to newer SHA pins across CI workflows. - Replace a few remaining tag-based action references in touched workflows with SHA pins for supply-chain consistency.
Reviewed changes
Copilot reviewed 26 out of 26 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/update-github-models.yml | Bumps actions/checkout to a newer SHA pin for the scheduled model update workflow. |
| .github/workflows/update-dependencies.yml | Bumps actions/checkout to a newer SHA pin for the dependency update workflow. |
| .github/workflows/update-ai-foundry-models.yml | Bumps actions/checkout to a newer SHA pin for the model update workflow. |
| .github/workflows/typescript-sdk-tests.yml | Updates actions/checkout + actions/setup-node pins for TS SDK CI. |
| .github/workflows/tests.yml | Updates checkout, setup-node, and artifact upload/download pins used by the main test orchestration workflow. |
| .github/workflows/specialized-test-runner.yml | Updates checkout and artifact upload/download pins used by the specialized test runner workflow. |
| .github/workflows/run-tests.yml | Updates checkout, setup-dotnet, and artifact download/upload pins used by the reusable test runner workflow. |
| .github/workflows/reproduce-flaky-tests.yml | Updates actions/checkout pin for the flaky-test reproduction workflow. |
| .github/workflows/release-github-tasks.yml | Updates actions/checkout pins used by release automation jobs. |
| .github/workflows/refresh-manifests.yml | Updates actions/checkout and actions/setup-dotnet pins for manifest refresh automation. |
| .github/workflows/pr-docs-hook.yml | Updates actions/checkout and actions/setup-node pins for PR docs hook workflow. |
| .github/workflows/polyglot-validation.yml | Updates actions/checkout and artifact download pins used by polyglot validation workflows. |
| .github/workflows/markdownlint.yml | Updates actions/checkout and actions/setup-node pins for markdown lint workflow. |
| .github/workflows/locker.yml | Updates actions/checkout pin for the locker workflow. |
| .github/workflows/generate-ats-diffs.yml | Updates actions/checkout pin for ATS diffs generation workflow. |
| .github/workflows/generate-api-diffs.yml | Updates actions/checkout pin for API diffs generation workflow. |
| .github/workflows/deployment-tests.yml | Updates checkout, setup-dotnet, and artifact upload/download pins used by deployment test workflows. |
| .github/workflows/copilot-setup-steps.yml | Updates checkout and setup-dotnet pins for Copilot agent pre-steps. |
| .github/workflows/ci.yml | Updates actions/checkout pin for CI workflow. |
| .github/workflows/build-packages.yml | Updates checkout and upload-artifact pins for package build workflow. |
| .github/workflows/build-cli-native-archives.yml | Updates checkout and upload-artifact pins for CLI native archive build workflow. |
| .github/workflows/backport.yml | Updates actions/checkout pin for backport workflow. |
| .github/workflows/backmerge-release.yml | Updates actions/checkout pin for backmerge workflow. |
| .github/workflows/auto-rerun-transient-ci-failures.yml | Updates actions/checkout pin for CI auto-rerun workflow. |
| .github/workflows/apply-test-attributes.yml | Updates actions/checkout and actions/setup-dotnet pins for test attribute automation workflow. |
| .github/actions/enumerate-tests/action.yml | Updates checkout, setup-dotnet, and upload-artifact pins in the composite action used by CI. |
Support both the legacy nested artifact path and the direct extraction layout introduced by newer actions/download-artifact versions so nuget-based test jobs can find packages again. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
🎬 CLI E2E Test Recordings — 49 recordings uploaded (commit View recordings
📹 Recordings uploaded automatically from CI run #23513708406 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Update workflow action references to the SHAs for the latest available releases. This PR also switches the touched workflow references away from tag-based action references to SHA pins only.
actions/checkoutde0fac2e4500dabe0009e67214ff5f5447ce83ddv6.0.2actions/setup-dotnetc2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7v5.2.0actions/setup-node53b83947a5a98c8d113130e565377fae1a50d02fv6.3.0actions/upload-artifactbbbca2ddaa5d8feaa63e36b76fdaad77386f024fv7.0.0actions/download-artifact3e5f45b2cfb9172054b4087a40e8e0b5a5461e7cv8.0.1This also fixes Node 20 deprecation warnings introduced by older action versions.
Fixes #15324
Checklist
<remarks />and<code />elements on your triple slash comments?aspire.devissue: