upgrade from node 20 to node 24 for github actions

This commit is contained in:
Kenneth Kehl
2026-06-02 07:59:37 -07:00
parent b988d472ae
commit 9c15262b06
13 changed files with 34 additions and 31 deletions

View File

@@ -19,7 +19,7 @@ jobs:
run: exit 0
- name: checkout main branch
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: main
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}

View File

@@ -14,6 +14,7 @@ env:
WERKZEUG_DEBUG_PIN: off
REDIS_ENABLED: 0
AWS_US_TOLL_FREE_NUMBER: "+18556438890"
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
jobs:
@@ -37,7 +38,7 @@ jobs:
- 5432:5432
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-project
- name: Install application dependencies
run: make bootstrap
@@ -70,7 +71,7 @@ jobs:
runs-on: ubuntu-latest
environment: staging
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-project
- name: Install poetry packages
run: poetry install
@@ -84,7 +85,7 @@ jobs:
pip-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-project
- name: Create requirements.txt
run: poetry export --output requirements.txt
@@ -98,7 +99,7 @@ jobs:
static-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-project
- name: Install bandit
run: pip install bandit
@@ -123,7 +124,7 @@ jobs:
# Maps tcp port 5432 on service container to the host
- 5432:5432
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-project
- name: Install application dependencies
run: make bootstrap

View File

@@ -56,7 +56,7 @@ jobs:
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v6
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL

View File

@@ -19,11 +19,13 @@ env:
REDIS_ENABLED: 0
AWS_US_TOLL_FREE_NUMBER: "+18556438890"
jobs:
pip-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-project
- name: Create requirements.txt
run: poetry export --output requirements.txt
@@ -34,7 +36,7 @@ jobs:
PYSEC-2023-312
CVE-2026-4539
- name: Upload pip-audit artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: pip-audit-report
path: /tmp/pip-audit-output.txt
@@ -42,14 +44,14 @@ jobs:
static-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-project
- name: Install bandit
run: pip install bandit
- name: Run scan
run: bandit -r app/ -f txt -o /tmp/bandit-output.txt --confidence-level medium
- name: Upload bandit artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: bandit-report
path: /tmp/bandit-output.txt
@@ -72,7 +74,7 @@ jobs:
# Maps tcp port 5432 on service container to the host
- 5432:5432
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: ./.github/actions/setup-project
- name: Install application dependencies
run: make bootstrap

View File

@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
environment: demo
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
fetch-depth: 2

View File

@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
fetch-depth: 2

View File

@@ -18,7 +18,7 @@ jobs:
environment: staging
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
fetch-depth: 2
@@ -113,6 +113,6 @@ jobs:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'failure' }}
steps:
- uses: actions/github-script@v7
- uses: actions/github-script@v9
with:
script: core.setFailed('Checks failed, not deploying')

View File

@@ -13,7 +13,7 @@ jobs:
environment: staging
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
# Looks like we need to install Terraform ourselves now!
# https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
@@ -50,7 +50,7 @@ jobs:
# environment: demo
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# uses: actions/checkout@v6
# with:
# ref: 'production'
@@ -89,7 +89,7 @@ jobs:
environment: production
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
ref: 'production'

View File

@@ -16,7 +16,7 @@ jobs:
environment: demo
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
# Looks like we need to install Terraform ourselves now!
# https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
@@ -59,7 +59,7 @@ jobs:
# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
- name: Update PR
uses: actions/github-script@v7
uses: actions/github-script@v9
# we would like to update the PR even when a prior step failed
if: ${{ always() }}
with:

View File

@@ -16,7 +16,7 @@ jobs:
environment: production
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
# Looks like we need to install Terraform ourselves now!
# https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
@@ -59,7 +59,7 @@ jobs:
# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
- name: Update PR
uses: actions/github-script@v7
uses: actions/github-script@v9
# we would like to update the PR even when a prior step failed
if: ${{ always() }}
with:

View File

@@ -16,7 +16,7 @@ jobs:
environment: staging
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
# Looks like we need to install Terraform ourselves now!
# https://github.com/actions/runner-images/issues/10796#issuecomment-2417064348
@@ -60,7 +60,7 @@ jobs:
# inspiration: https://learn.hashicorp.com/tutorials/terraform/github-actions#review-actions-workflow
- name: Update PR
uses: actions/github-script@v7
uses: actions/github-script@v9
# we would like to update the PR even when a prior step failed
if: ${{ always() }}
with: