chore(workflows): upgrade workflow actions #2830
Conversation
When run, `actions/checkout` causes several warnings in our workflows: ``` The `save-state` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v2.5.0 replaced the use of `save-state` and v3.0.0 moved to node16. Within the project, several releases are in use: ``` actions/checkout@master actions/checkout@v1 actions/checkout@v2 actions/checkout@v2-beta actions/checkout@v3 ``` Adopt `v3` for all - addressing the warnings and making usage consistent.
When run, `actions/cache` causes a warning in our workflows: ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v3.0.0 moved to node16; adopt the v3 release.
When run, `actions/setup-python` causes a warning in our `lint` workflow: ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v3.0.0 moved to node16; adopt the v3 release.
When run, `isort-action` causes a warning in our `lint` workflow: ``` The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` Release v1.1.0 replaced the use of `save-state`. Adopt v1 and drop minor version qualifier now transitioned out of initial development.
When run, `docker/build-push-action` causes several warnings in our `tests` workflow: ``` The `save-state` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v3.0.0 moved to node16 and v3.2.0 replaced the use of `set-state`. Adopt the latest release, v4 (v3 would be sufficient, but there's no added verification cost to advancing further). NOTE: v4 enabled "support for a minimal SLSA Provenance attestation" which "may introduce issues with registry and runtime support".
When run, `docker/setup-buildx-action` causes several warnings in our `tests` workflow: ``` The `save-state` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ ``` ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v2.0.2 moved to node16 and v2.1.0 replaced the use of `set-state`; adopt the v2 release.
When run, `aws-actions/configure-aws-credentials` causes a warning in out aws-`docker-compose` workflow: ``` Node.js 12 actions are deprecated. https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ ``` Release v2.0.0 moved to node16; adopt the v2 release.
In theory, this will make updates easier keep up with. Given aggressiveness of deprecation in Github actions - that would break CI/CD - keeping up to date has more than passing importance.
|
Special attention is needed for docker/build-push-action@v4. It comes with the note:
This may affect Courtlistener. If so, v4 could still be adopted using |
cweider
changed the title
|
Man, I just tried to learn more about SLSA and province and whether it would affect us, and Crazy Max is just always on a different level from me. I can understand what the purpose of these things is, but I have no idea if the comment will affect me and little idea how to check aside from just chancing it. |
|
Yea, “YMMV, the only way to find out is to try” seems to be the situation. Surprisingly, change was made in the minor release, v3.3.0. After a few weeks v3.3.1, came along switching provenance to be disabled by default (where 4.0.0 came at the same time with the default as enabled). Failure case would probably be analogous to deploying an image with an incompatible architecture. This, from
Kubernetes probably failed early and gracefully in that case? |
|
Thanks. This is waiting on #2827. |
|
This deployed cleanly, thank goodness. Thank you! |
When run, the majority of the workflow warnings mentioned in #2828 are:
And these can be resolved by upgrading offending actions to more recent versions. After that, the patch adds Dependabot integration so that, prospectively, action upgrades are easier to manage.