
fix: upgrade all workflows to Node.js 24 (checkout@v5) and add missing permissions#38

Merged
mr-adonis-jimenez merged 8 commits into
mainfrom
fix/upgrade-workflows-node24-permissions
Mar 23, 2026

Conversation

@mr-adonis-jimenez

Owner

Summary

This PR fixes all 8 GitHub Actions workflow files across the repo. It resolves the Node.js 20 deprecation warning (actions/checkout@v4 → @v5) and closes all 6 open CodeQL security alerts (Workflow does not contain permissions).

Changes

Node.js 24 upgrade (actions/checkout@v4 → @v5)

  • analytics-runner.yml
  • docker-publish.yml
  • docker-ci.yml
  • documentation-check.yml (both jobs)
  • policy-enforcement.yml
  • release.yml + softprops/action-gh-release@v1 → @v2
  • scheduled-validation.yml
  • security-checks.yml (all 3 jobs)

Structural fixes

  • docker-ci.yml — added missing checkout step, fixed step order (Buildx must be set up before build)
  • policy-enforcement.yml — added missing on: trigger and jobs: block (file was invalid YAML)
  • security-checks.yml — added missing uses: lines for all 3 checkout steps

Security / CodeQL alerts resolved

Files changed

  • .github/workflows/analytics-runner.yml
  • .github/workflows/docker-ci.yml
  • .github/workflows/docker-publish.yml
  • .github/workflows/documentation-check.yml
  • .github/workflows/policy-enforcement.yml
  • .github/workflows/release.yml
  • .github/workflows/scheduled-validation.yml
  • .github/workflows/security-checks.yml

@gemini-code-assist


Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e4e3122ce8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +130 to +131
permissions:
contents: read
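Review bot: `contents: read` on its own is too narrow for this job, given the comment below noting that a later step calls github.rest.issues.createComment on PRs that touch protected paths; that call needs write access to issues/pull requests, so the step will fail with an authorization error and turn the check red instead of posting the guidance. Add `pull-requests: write` beneath `contents: read` in this job-level `permissions:` block (and `issues: write` only if the step also comments on plain issues), which keeps the token read-only for repository contents while still satisfying the CodeQL "workflow does not contain permissions" alert.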


P1: Allow write scope before posting CODEOWNERS PR comments

The codeowners-check job now restricts GITHUB_TOKEN to contents: read, but a later step calls github.rest.issues.createComment when protected paths are changed. On those PRs, this call requires write permission to issues/pull requests and will fail with an authorization error, turning the check red instead of posting the guidance comment.

Useful? React with 👍 / 👎.
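The least-privilege fix the review above points at, shown as an added illustration rather than the repository's own workflow: the job keeps `contents: read` but grants `pull-requests: write` so the comment step can run. The workflow name, the `paths` filter standing in for "protected paths", the step names and the comment text are assumptions; `actions/github-script@v7` and the `github.rest.issues.createComment` call are real.

```yaml
# Added example, not a file from the PR: job-level permissions that stay
# read-only for repository contents but allow the guidance comment.
name: policy-enforcement
on:
  pull_request:
    paths: ['.github/**', 'CODEOWNERS']   # assumed "protected paths"

jobs:
  codeowners-check:
    runs-on: ubuntu-latest
    # Weak form from the review comment: only contents: read, so the
    # createComment call below is rejected on PRs that touch protected paths.
    #   permissions:
    #     contents: read
    #
    # Corrected form: no write access to contents, but the token may post
    # a comment on the pull request.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v5
      - name: Post guidance comment on protected-path changes
        uses: actions/github-script@v7
        with:
          script: |
            const { owner, repo } = context.repo;
            await github.rest.issues.createComment({
              owner,
              repo,
              issue_number: context.issue.number,
              body: 'This PR changes protected paths; CODEOWNERS review is required.',
            });
```

On pull_request runs triggered from forks GITHUB_TOKEN is read-only regardless of this block, so the comment step still cannot post there.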

@mr-adonis-jimenez mr-adonis-jimenez merged commit a866c2a into main Mar 23, 2026
4 checks passed
@mr-adonis-jimenez mr-adonis-jimenez deleted the fix/upgrade-workflows-node24-permissions branch March 23, 2026 05:13