DUPLO-42440: Upgrade remaining actions to Node24#112
Open
amaechiabuah wants to merge 7 commits intomainfrom
Open
DUPLO-42440: Upgrade remaining actions to Node24#112amaechiabuah wants to merge 7 commits intomainfrom
amaechiabuah wants to merge 7 commits intomainfrom
Conversation
Contributor
Review Summary by QodoUpgrade remaining GitHub Actions to Node24 runtime
WalkthroughsDescription• Replace deprecated Node20 actions with Node24 compatible alternatives • Replace softprops/action-gh-release@v2 with inline gh release create command • Replace octokit/request-action@v2.x with inline gh api calls • Replace tspascoal/get-user-teams-membership@v3 with inline gh api implementation • Upgrade azure/CLI@v2 to @v3 and sync stale v2 references in setup action Diagramflowchart LR
A["Deprecated Node20 Actions"] -->|Replace| B["Inline gh CLI Commands"]
A -->|Upgrade| C["Node24 Compatible Versions"]
B --> D["rules/action.yml"]
B --> E["publish.yml"]
C --> F["action.yml & setup/action.yml"]
D --> G["Eliminates Node20 Warnings"]
E --> G
F --> G
File Changes1. rules/action.yml
|
Contributor
Code Review by Qodo
|
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
| GH_ROLE: ${{ steps.get_user_groups.outputs.role }} | ||
| GH_TEAMS: ${{ steps.actorTeams.outputs.teams }} | ||
| GHA_ENV: ${{ inputs.environment }} | ||
| ISMEMBER: ${{ steps.actorTeams.outputs.isTeamMember }} |
Contributor
There was a problem hiding this comment.
1. Wrong input name used 🐞 Bug ⛨ Security
rules/action.yml references inputs.environment, but the action defines only current_environment; this makes GHA_ENV empty and the later protection condition compare an empty value against protected_environment, preventing the intended block from triggering.
Agent Prompt
### Issue description
`rules/action.yml` references `inputs.environment`, but the composite action input is named `current_environment`. This causes environment display to be blank and can cause the protection gate to fail to execute.
### Issue Context
The action defines `current_environment` and `protected_environment` inputs, and later uses `inputs.environment` in both display and the enforcement `if:` expression.
### Fix Focus Areas
- rules/action.yml[4-16]
- rules/action.yml[49-56]
- rules/action.yml[67-72]
### Suggested change
- Replace `inputs.environment` with `inputs.current_environment` wherever referenced.
- If external callers already pass `environment`, consider adding an additional optional input named `environment` as a backward-compatible alias and use `inputs.environment || inputs.current_environment` in expressions.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
duplodavid
reviewed
Apr 8, 2026
| [](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) ${{ steps.registry.outputs.badge }} | ||
|
|
||
| ${{ steps.bump.outputs.release-notes }} | ||
| env: |
Contributor
There was a problem hiding this comment.
This is the one I had the most conversation with @kferrone about. Maybe we need to create a fork of this package as a one-off to minimize any risk of regression.
3 tasks
- softprops/action-gh-release@v2 → @V3 (Node24, released Apr 14) - octokit/request-action@v2.x → @v3.0.0 (Node24, params in route string) - Add test jobs to GHA Experiments for verification
Contributor
CI Feedback 🧐A test triggered by this PR failed. Here is an AI-generated analysis of the failure:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Eliminates all remaining Node20 deprecation warnings from this repo's actions by upgrading or replacing the 4 remaining Node20-only dependencies.
Ticket: DUPLO-42440
Approach (per reference commit guidance):
azure/CLI@v2→@v3— v3 release only changes the Node runtime to 24octokit/request-action@v2.xwith inlinegh api— v3 also removed support for route parameter inputs (owner,username), making a simple version bump insufficienttspascoal/get-user-teams-membership@v3with inlinegh api— no Node24 version availablesoftprops/action-gh-release@v2with inlinegh release create— no Node24 version availablesetup/action.ymlNote:
duplocloud/version-bump@mainstill uses Node20 (separate repo, out of scope).Test plan
GHA Experimentsworkflow on this branch with test jobs exercising the rules action and release scriptrole=unknown(graceful 403 handling),isTeamMember=false, and displays outputPublish Versionand verifysoftpropswarning is gone (onlyversion-bumpwarning should remain)