From 8dd65a549762ff0b17c0df83d65ed57d0b7cb23b Mon Sep 17 00:00:00 2001
From: Nikita Ivanov <kesha.plovec02@gmail.com>
Date: Sat, 2 May 2026 13:47:23 +0000
Subject: [PATCH] chore(ci): bump actions to Node 24-ready versions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

GitHub forces Node.js 24 on actions runners from 2026-06-02 (Node 20
removal on 2026-09-16). Bumps the actions we control to versions that
declare native Node 24 support so behavior is explicit instead of
relying on the runner's auto-upgrade fallback.

Changes:
- actions/checkout@v4 → @v5 (all workflows; v5 added Node 24 support)
- JamesIves/github-pages-deploy-action@v4 → @v4.8.0 (first release
  on Node 24 runtime; pinning makes the upgrade explicit in history)

Also folds in the pr-preview.yml _site/ staging fix that was verified
on the dummy/preview-smoke-test branch (closed before merge):

- pr-preview.yml: source-dir: ./ → ./_site/ to avoid two regressions
  observed during the live smoke test —
    1. JamesIves' rsync recursing into its temp folder until OS
       max-path-length overflowed
    2. Repo root .gitignore shipping to gh-pages and excluding the
       staged install.sh

Not bumped (separate follow-up — multi-major gaps with breaking
changes warrant individual review):
- actions/cache v4 → v5
- actions/setup-node v4 → v6
- actions/setup-python v5 → v6
- actions/upload-artifact v4 → v7
- actions/download-artifact v4 → v8

Not bumped (composite action; Node 24 readiness depends on its
sub-actions, tracked upstream in rossjrw/pr-preview-action#135 and
#136):
- rossjrw/pr-preview-action@v1

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/deploy.yml           |  7 ++++--
 .github/workflows/nightly-mutation.yml |  4 ++--
 .github/workflows/nightly-qemu.yml     |  2 +-
 .github/workflows/pr-preview.yml       | 32 ++++++++++++++++++++------
 .github/workflows/release.yml          | 12 +++++-----
 .github/workflows/test.yml             |  8 +++----
 6 files changed, 43 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 80708d4..b422210 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # Stage only the served files into _site/ so that:
       #   1. The repo's root .gitignore (which ignores install.sh) is NOT
@@ -44,7 +44,10 @@ jobs:
           cp -r assets _site/
 
       - name: Deploy to gh-pages branch
-        uses: JamesIves/github-pages-deploy-action@v4
+        # Pinned to v4.8.0 — the first release on Node.js 24 runtime.
+        # GitHub forces Node 24 from 2026-06-02; @v4 floats but pinning here
+        # keeps the upgrade explicit in git history.
+        uses: JamesIves/github-pages-deploy-action@v4.8.0
         with:
           folder: _site
           branch: gh-pages
diff --git a/.github/workflows/nightly-mutation.yml b/.github/workflows/nightly-mutation.yml
index 4608aba..b5c4165 100644
--- a/.github/workflows/nightly-mutation.yml
+++ b/.github/workflows/nightly-mutation.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-24.04
     continue-on-error: true
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-node@v4
         with:
           node-version: '22'
@@ -38,6 +38,6 @@ jobs:
     runs-on: ubuntu-24.04
     continue-on-error: true
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Run bash mutator
         run: bash tests/mutation/bash-mutator.sh || echo "::warning::bash-mutator below target (advisory in v0.3.0)"
diff --git a/.github/workflows/nightly-qemu.yml b/.github/workflows/nightly-qemu.yml
index fc4da5b..6c1495c 100644
--- a/.github/workflows/nightly-qemu.yml
+++ b/.github/workflows/nightly-qemu.yml
@@ -33,7 +33,7 @@ jobs:
       matrix:
         ubuntu: ['22.04', '24.04']
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       # Skip the matrix leg when workflow_dispatch targeted a single version.
       # Cron runs (github.event_name == 'schedule') always exercise both.
diff --git a/.github/workflows/pr-preview.yml b/.github/workflows/pr-preview.yml
index ae31d51..597ef76 100644
--- a/.github/workflows/pr-preview.yml
+++ b/.github/workflows/pr-preview.yml
@@ -27,23 +27,41 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout PR head
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         if: github.event.action != 'closed'
 
-      # Mirrors deploy.yml so the preview ships the same install.sh bytes
-      # served at agentlinux.org/install.sh.
-      - name: Stage install.sh (mirror deploy.yml)
+      # Stage only the served files into _site/ — mirrors deploy.yml. Two
+      # reasons it must be a subfolder, not the repo root:
+      #   1. JamesIves/github-pages-deploy-action (used internally by
+      #      rossjrw/pr-preview-action) rsyncs source-dir to its own temp
+      #      folder. With source-dir: ./ it recurses into the temp folder
+      #      until the path overflows OS max-path-length and the deploy
+      #      fails (observed on the dummy/preview-smoke-test branch).
+      #   2. The repo's root .gitignore (which ignores install.sh) would
+      #      otherwise ship to gh-pages and the action's `git add --all`
+      #      would skip the staged install.sh — same regression that broke
+      #      production after #4.
+      - name: Assemble site bundle
         if: github.event.action != 'closed'
-        run: cp packaging/curl-installer/install.sh install.sh
+        run: |
+          mkdir -p _site
+          cp packaging/curl-installer/install.sh _site/install.sh
+          cp index.html _site/
+          cp CNAME _site/
+          cp sitemap.xml _site/
+          cp robots.txt _site/
+          cp -r assets _site/
 
       # rossjrw/pr-preview-action publishes to gh-pages/pr-preview/pr-N/
       # on opened/reopened/synchronize, and removes that directory on closed.
       # The umbrella-dir matches deploy.yml's clean-exclude so prod deploys
-      # do not wipe open previews.
+      # do not wipe open previews. The action is composite, so its Node 24
+      # readiness depends on its sub-action marocchino/sticky-pull-request-comment;
+      # rossjrw/pr-preview-action issues #135/#136 track that bump upstream.
       - name: Deploy PR preview
         uses: rossjrw/pr-preview-action@v1
         with:
-          source-dir: ./
+          source-dir: ./_site/
           preview-branch: gh-pages
           umbrella-dir: pr-preview
           action: auto
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 905934e..b46d45b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -49,7 +49,7 @@ jobs:
     outputs:
       tag: ${{ steps.tag.outputs.value }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Resolve and validate tag
         id: tag
         env:
@@ -73,7 +73,7 @@ jobs:
     runs-on: ubuntu-24.04
     timeout-minutes: 10
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-python@v5
         with:
           python-version: '3.12'
@@ -132,7 +132,7 @@ jobs:
       matrix:
         ubuntu: [ubuntu-22.04, ubuntu-24.04]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Docker bats matrix (incl. 51-*.bats — TST-05 inside Docker)
         run: bash tests/docker/run.sh ${{ matrix.ubuntu }}
 
@@ -149,7 +149,7 @@ jobs:
       matrix:
         ubuntu: ['22.04', '24.04']
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-node@v4
         with:
           node-version: '22'
@@ -226,7 +226,7 @@ jobs:
     runs-on: ubuntu-24.04
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Pinned catalog combo + 50-agents.bats + 51-*.bats (TST-08)
         run: bash tests/docker/run.sh ubuntu-24.04
 
@@ -239,7 +239,7 @@ jobs:
     runs-on: ubuntu-24.04
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-node@v4
         with:
           node-version: '22'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b14ea2c..a506447 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -28,7 +28,7 @@ jobs:
   pre-commit:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-python@v5
         with:
           python-version: '3.12'
@@ -51,7 +51,7 @@ jobs:
   cli-unit:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-node@v4
         with:
           node-version: '22'
@@ -98,7 +98,7 @@ jobs:
       # without pull-requests: read the API call returns 403.
       pull-requests: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           # Full history so gitleaks can scan every commit, not just the
           # PR's tip.
@@ -127,7 +127,7 @@ jobs:
           - ubuntu-22.04
           - ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       # Empty-plugin guard from Phase 1: still useful. After Phase 2 lands the
       # tests/bats/*.bats files the guard falls through to the real run. If a
       # future revert removes the bats suite the job short-circuits rather