Bump CI action dependencies to latest major versions#4531
Conversation
GitHub is deprecating Node.js 20 for Actions runners, with enforcement starting June 2026. Bump all action dependencies to their latest major versions which use Node.js 22+. Co-Authored-By: HAL 9000
|
👋 I see @joostjager was un-assigned. |
| cargo clean | ||
| - name: Download honggfuzz corpus | ||
| uses: actions/download-artifact@v4 | ||
| uses: actions/download-artifact@v8 |
There was a problem hiding this comment.
The fuzz job uploads with actions/upload-artifact@v7 (line 261) while the coverage job downloads with actions/download-artifact@v8 (line 86). Historically these two actions have been versioned in lockstep (v1/v1, v2/v2, v3/v3, v4/v4). The major version mismatch is unusual — please verify that upload-artifact v7 and download-artifact v8 are artifact-format compatible, or confirm whether these actions have intentionally diverged in versioning.
| - uses: actions/checkout@v4 | ||
| - uses: rustsec/audit-check@v1.4.1 | ||
| - uses: actions/checkout@v6 | ||
| - uses: rustsec/audit-check@v2 |
There was a problem hiding this comment.
Major version bump to rustsec/audit-check@v2 — please verify that the ignore parameter syntax is still supported in v2. If the v2 API changed (e.g., switching to a different input name or format for advisory ignores), this could silently stop ignoring RUSTSEC-2021-0145 and cause spurious CI failures.
Also note: the comment on lines 22-23 still references MSRV rustc 1.63, but the project MSRV elsewhere in build.yml is 1.75. This is a pre-existing issue, not introduced by this PR.
Review SummaryTwo inline comments posted:
Cross-cutting concernVersion existence should be verified: Several of these version bumps are aggressive jumps from v4 ( |
|
Need to double-check the bumped versions. Could be Claude messed up. |
|
@TheBlueMatt I think this first requires that we bump the self-hosted runners to support |
|
Hmm, do we have to bother here? I guess we might have to upgrade the ones that aren't self-hosted but presumably things will keep working and we don't have to worry too much about javascript trash? |
|
Hi @tnull, Thanks for your contributions to After too many struggles with bugs, outages, contributor bans, and, finally, a multi-week CI ban, the rust-lightning project is moving off of GitHub for day-to-day development. You can still file issues and access the git tree here, but PRs will now take place exclusively at https://git.rust-bitcoin.org/. As such, this PR has been migrated to https://git.rust-bitcoin.org/lightningdevkit/rust-lightning/pulls/4531 If you log in using GitHub (or otherwise link your GitHub account from https://git.rust-bitcoin.org/user/settings/security), ownership of your PRs, issues, and comments will automatically transfer. To push updates to this PR, you'll need to use |
GitHub is deprecating Node.js 20 for Actions runners, with enforcement starting June 2026. Bump all action dependencies to their latest major versions which use Node.js 22+.
Co-Authored-By: HAL 9000