update github actions from node 20 to 24, fix dulwich and idna

2026-06-25 18:01:57 -04:00 · 2026-06-02 08:32:35 -07:00
parent a7c2736bdc
commit 3d7c80827c
13 changed files with 86 additions and 76 deletions
--- a/.github/actions/setup-project/action.yml
+++ b/.github/actions/setup-project/action.yml
@@ -10,7 +10,7 @@ runs:
        && sudo apt-get install -y --no-install-recommends \
        libcurl4-openssl-dev
    - name: Set up Python 3.13.2
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v6
      with:
        python-version: "3.13.2"
    - name: Install poetry
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -22,9 +22,9 @@ jobs:
      contents: write
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: "22.3.0"
      - name: Install dependencies
@@ -87,7 +87,7 @@ jobs:
          - 6379:6379

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-project
      - uses: jwalton/gh-find-current-pr@v1
        id: findPr
@@ -123,7 +123,7 @@ jobs:
    runs-on: ubuntu-latest
    environment: staging
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-project
      - name: Validate NewRelic config
        env:
@@ -136,7 +136,7 @@ jobs:
  dependency-audits:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-project
      - name: Create requirements.txt
        run: poetry export --output requirements.txt
@@ -152,7 +152,7 @@ jobs:
  static-scan:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-project
      - name: Run scan
        run: poetry run bandit -r app/ --confidence-level medium
@@ -160,7 +160,7 @@ jobs:
  dynamic-scan:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-project
      - name: Run server
        run: make run-flask &
@@ -179,7 +179,7 @@ jobs:
  a11y-scan:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-project
      - name: Run server
        run: make run-flask &
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -58,7 +58,7 @@ jobs:
        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -22,7 +22,7 @@ jobs:
  dependency-audits:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
    - uses: ./.github/actions/setup-project
    - name: Create requirements.txt
      run: poetry export --output requirements.txt
@@ -38,7 +38,7 @@ jobs:
  static-scan:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-project
      - name: Run scan
        run: poetry run bandit -r app/ --confidence-level medium
@@ -46,7 +46,7 @@ jobs:
  dynamic-scan:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
      - uses: ./.github/actions/setup-project
      - name: Run server
        run: make run-flask &
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    environment: demo
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
        with:
          fetch-depth: 2

--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    environment: production
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
        with:
          fetch-depth: 2

--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -17,7 +17,7 @@ jobs:

    environment: staging
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
      with:
        fetch-depth: 2

@@ -126,6 +126,6 @@ jobs:
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
    steps:
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v9
        with:
          script: core.setFailed('Checks failed, not deploying')
--- a/.github/workflows/drift.yml
+++ b/.github/workflows/drift.yml
@@ -13,7 +13,7 @@ jobs:
    environment: staging
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6

      # Looks like we need to install Terraform ourselves now!
      # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
@@ -51,7 +51,7 @@ jobs:
    environment: demo
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
        with:
          ref: 'production'

@@ -90,7 +90,7 @@ jobs:
    environment: production
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
        with:
          ref: 'production'

--- a/.github/workflows/terraform-demo.yml
+++ b/.github/workflows/terraform-demo.yml
@@ -16,7 +16,7 @@ jobs:
    environment: demo
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6

      # Looks like we need to install Terraform ourselves now!
      # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
@@ -59,7 +59,7 @@ jobs:

      # inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
      - name: Update PR
-        uses: actions/github-script@v7
+        uses: actions/github-script@v9
        # we would like to update the PR even when a prior step failed
        if: ${{ always() }}
        with:
--- a/.github/workflows/terraform-production.yml
+++ b/.github/workflows/terraform-production.yml
@@ -16,7 +16,7 @@ jobs:
    environment: production
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6

      # Looks like we need to install Terraform ourselves now!
      # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
@@ -59,7 +59,7 @@ jobs:

      # inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
      - name: Update PR
-        uses: actions/github-script@v7
+        uses: actions/github-script@v9
        # we would like to update the PR even when a prior step failed
        if: ${{ always() }}
        with:
--- a/.github/workflows/terraform-staging.yml
+++ b/.github/workflows/terraform-staging.yml
@@ -16,7 +16,7 @@ jobs:
    environment: staging
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6

      # Looks like we need to install Terraform ourselves now!
      # https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
@@ -59,7 +59,7 @@ jobs:

      # inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
      - name: Update PR
-        uses: actions/github-script@v7
+        uses: actions/github-script@v9
        # we would like to update the PR even when a prior step failed
        if: ${{ always() }}
        with: