You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Parent: none Depends on: none — all upstream bumps already published as of 2026-04-17
Decision (locked 2026-04-17)
Bump three GitHub-provided and third-party actions from their Node 20 runtime to their Node 24 runtime by pinning newer major versions. All upstream bumps already exist; breaking changes for our usage shape are zero or near-zero. Defer to the opt-in FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true env flag as a fallback only if an upstream bump is delayed past 2026-05-15.
Why
GitHub deprecated Node 20 on Actions runners. 2026-06-02 Node 24 becomes default; 2026-09-16 Node 20 is removed from runners, breaking any action still pinned to it. Three actions in this repo emit the warning today.
Matrix of pins to bump
Action
Current pin
Bump to
Breaking changes relevant to our usage
actions/upload-artifact
@v4
@v7
v5 preliminary Node 24 support (non-breaking), v6 Node 24 default + requires runner ≥ 2.327.1 (GHA-hosted are fine), v7 ESM internals + opt-in archive: false direct uploads (we use vanilla, no impact)
actions/download-artifact
@v4
@v8
v5 fixes path behavior for download-by-ID (we download by name/pattern, no impact); v7 Node 24 default; v8 hash mismatch now errors by default (correctness improvement, welcome) + ESM internals
jdx/mise-action
@v2
@v4
v4.0.0 titled "Node.js 24 Runtime"; upstream labels it "seamless upgrade for vast majority of users". No config changes needed beyond the version string
.github/workflows/ci.yml — all actions/checkout@v6 + actions/setup-go@v6 + actions/cache@v5, all on Node 24 or pure-GHE already, unaffected
Test commands (literal, for agent self-check)
Search for stale pins after bump: grep -rE "upload-artifact@v4|download-artifact@v4|mise-action@v2" .github/ should return zero lines
After pushing the bump: gh workflow run scrape-pack.yml --ref <branch> -f lib=/modelcontextprotocol/go-sdk → gh run view <id> --json jobs --jq '.jobs[].annotations' should not contain "Node.js 20 actions are deprecated"
Out of scope (fenced)
No revert to FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 env flag — only the version pin bump. The env flag is a fallback, not the plan
No bumps to checkout, setup-go, cache — those are on Node 24 already at their current pins
No refactor of workflow file structure — only the version strings change
No simultaneous bump of runner versions — runner minimums are already met by GHA-hosted runners
No PR-template or release-note updates — ambient CI change
Parent: none
Depends on: none — all upstream bumps already published as of 2026-04-17
Decision (locked 2026-04-17)
Bump three GitHub-provided and third-party actions from their Node 20 runtime to their Node 24 runtime by pinning newer major versions. All upstream bumps already exist; breaking changes for our usage shape are zero or near-zero. Defer to the opt-in
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=trueenv flag as a fallback only if an upstream bump is delayed past 2026-05-15.Why
GitHub deprecated Node 20 on Actions runners. 2026-06-02 Node 24 becomes default; 2026-09-16 Node 20 is removed from runners, breaking any action still pinned to it. Three actions in this repo emit the warning today.
Matrix of pins to bump
actions/upload-artifact@v4@v7archive: falsedirect uploads (we use vanilla, no impact)actions/download-artifact@v4@v8jdx/mise-action@v2@v4Acceptance criteria
.github/workflows/scrape-pack.ymlL172 —actions/upload-artifact@v4→@v7.github/workflows/scrape-pack.ymlL223 —actions/download-artifact@v4→@v8.github/workflows/release.ymlL110, L252 —actions/upload-artifact@v4→@v7(2 sites).github/workflows/release.ymlL151, L217, L270 —actions/download-artifact@v4→@v8(3 sites).github/workflows/release.ymlL58 —jdx/mise-action@v2→@v4scrape-packrun and confirm the three Node 20 deprecation warnings are gone from the job annotationsrelease.ymldispatch (no tag push —workflow_dispatchpath) and confirm the job annotations are cleanConcrete file pointers
Files to modify (6 pin sites across 2 files):
.github/workflows/scrape-pack.yml— L172 (upload), L223 (download).github/workflows/release.yml— L58 (mise-action), L110 (upload), L151 (download), L217 (download), L252 (upload), L270 (download)Files to read as reference — do NOT change:
.github/workflows/cache-keepalive.ymlwhen feat(ci): cache-keepalive workflow to prevent 7-day artifact-cache eviction #128 lands — same-day pin review applies, same rules.github/workflows/update-package-channels.yml— usesactions/checkout@v5, already Node 24 runtime, unaffected.github/workflows/ci.yml— allactions/checkout@v6+actions/setup-go@v6+actions/cache@v5, all on Node 24 or pure-GHE already, unaffectedTest commands (literal, for agent self-check)
grep -rE "upload-artifact@v4|download-artifact@v4|mise-action@v2" .github/should return zero linesgh workflow run scrape-pack.yml --ref <branch> -f lib=/modelcontextprotocol/go-sdk→gh run view <id> --json jobs --jq '.jobs[].annotations'should not contain "Node.js 20 actions are deprecated"Out of scope (fenced)
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24env flag — only the version pin bump. The env flag is a fallback, not the plancheckout,setup-go,cache— those are on Node 24 already at their current pinsTimeline
Related