Skip to content

chore: DEVPLAT-7373 fix Node.js 20 deprecated GitHub Actions#24

Merged
kamranf merged 4 commits into
mainfrom
kristianm/node20-deprecated-actions
May 8, 2026
Merged

chore: DEVPLAT-7373 fix Node.js 20 deprecated GitHub Actions#24
kamranf merged 4 commits into
mainfrom
kristianm/node20-deprecated-actions

Conversation

@kristianmills
Copy link
Copy Markdown
Contributor

@kristianmills kristianmills commented Apr 29, 2026
edited by cursor Bot
Loading

Summary

Upgrades GitHub Actions that use the deprecated Node.js 20 runtime to Node.js 24 compatible versions.

Node.js 20 actions will be forced to run on Node.js 24 by default starting June 2nd, 2026. See the GitHub deprecation notice.

Changes made:

  • cycjimmy/semantic-release-action@v4cycjimmy/semantic-release-action@v5

🤖 Generated with Claude Code

DEVPLAT-7373

Note

Medium Risk
Medium risk because it changes release automation (semantic-release) and Slack notification delivery; misconfiguration could break publishing or notifications.

Overview
Modernizes CI automation to avoid deprecated Node.js 20 GitHub Actions runtimes.

The release workflow upgrades cycjimmy/semantic-release-action to v5 and explicitly sets semantic_version: 24.

The composite job-notification action upgrades slackapi/slack-github-action to v3 and updates invocation to the new API (method: chat.postMessage, token/payload usage, and embedding channel in the payload instead of channel-id).

Reviewed by Cursor Bugbot for commit 66a86b6. Bugbot is set up for automated code reviews on this repo. Configure here.

@kristianmills kristianmills requested a review from a team as a code owner April 29, 2026 19:32
kamranf
kamranf previously approved these changes Apr 29, 2026
View reviewed changes
cursor[bot]
cursor Bot reviewed Apr 29, 2026
View reviewed changes
Comment thread action.yml Outdated
semgrep-scribd[bot]
semgrep-scribd Bot reviewed Apr 30, 2026
View reviewed changes
Comment thread action.yml Outdated
cursor[bot]
cursor Bot reviewed Apr 30, 2026
View reviewed changes
Comment thread .github/workflows/release.yml
cursor[bot]
cursor Bot reviewed Apr 30, 2026
View reviewed changes
Comment thread action.yml Outdated
@kristianmills kristianmills force-pushed the kristianm/node20-deprecated-actions branch from 31a8d1a to f892ca8 Compare May 6, 2026 19:30
semgrep-scribd[bot]
semgrep-scribd Bot reviewed May 6, 2026
View reviewed changes
Comment thread action.yml
cursor[bot]
cursor Bot reviewed May 6, 2026
View reviewed changes
Comment thread .github/workflows/pr-check.yml
Comment thread .github/workflows/release.yml
- name: Checkout
uses: actions/checkout@v6
with:
persist-credentials: false
Copy link
Copy Markdown

@cursor cursor Bot May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing fetch-depth: 0 breaks semantic release versioning

High Severity

The checkout step is missing fetch-depth: 0. By default, actions/checkout performs a shallow clone (depth 1) without tags. Semantic-release requires full git history and tags to find previous releases, analyze commits since the last release, and determine the correct version bump. Without this, semantic-release may fail, skip releases, or compute incorrect versions. Both the official semantic-release docs and the cycjimmy/semantic-release-action README explicitly show fetch-depth: 0 as required.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit f892ca8. Configure here.

Copy link
Copy Markdown
Contributor

@kamranf kamranf May 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kristianmills I don't see this issue in other repos e.g. https://github.com/scribd/eks-deployer/blob/d3c1c8a0c37392444bab6ff358a7fc40f74216ea/.github/workflows/ci.yml#L38 can you confirm if we need to fix those as well? Or maybe if we do merge commits its fine to have shallow clones.

Copy link
Copy Markdown
Contributor Author

@kristianmills kristianmills May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From looking online, it seems cursorbot got confused between the official semantic release, which does recommend, but not require, it, and cycjimmy/semantic-release-action. None of the documentation for cycjimmy/semantic-release-action sets. fetch depth, and I have never had any errors or issues when I have tested them in the past (also we've never used fetch-depth 0 on this or any of the other repos before when using cycjimmy/semantic-release-action.

@kristianmills kristianmills force-pushed the kristianm/node20-deprecated-actions branch from f892ca8 to 4f600ce Compare May 6, 2026 21:17
cursor[bot]
cursor Bot reviewed May 6, 2026
View reviewed changes
Comment thread action.yml
@kristianmills kristianmills requested a review from kamranf May 6, 2026 22:14
charlesging
charlesging previously approved these changes May 6, 2026
View reviewed changes
terranisu
terranisu previously approved these changes May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@terranisu terranisu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kristianmills kristianmills dismissed stale reviews from terranisu and charlesging via 8f8c6e8 May 8, 2026 18:45
@kristianmills
fix: token passed
66a86b6 
This reverts commit f985867.
@kristianmills kristianmills force-pushed the kristianm/node20-deprecated-actions branch from 8f8c6e8 to 66a86b6 Compare May 8, 2026 18:58
cursor[bot]
cursor Bot reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 66a86b6. Configure here.

Comment thread .github/workflows/release.yml
- name: Semantic Release
id: semantic
uses: cycjimmy/semantic-release-action@v4
uses: cycjimmy/semantic-release-action@v5
Copy link
Copy Markdown

@cursor cursor Bot May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unnecessary persist-credentials: false added by AI tool

Low Severity

The persist-credentials: false option was added to the checkout step but isn't required for this workflow. As confirmed in the PR discussion, this was introduced by the AI tool (Claude Code) based on a misconception about cycjimmy/semantic-release-action needing it — the official semantic-release docs recommend it, but the cycjimmy wrapper does not, and this repo has never used it. It's harmless but unnecessary, adding noise that may confuse future maintainers about its purpose.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 66a86b6. Configure here.

@kamranf kamranf merged commit 43fb236 into main May 8, 2026
11 checks passed
@kamranf kamranf deleted the kristianm/node20-deprecated-actions branch May 8, 2026 19:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@semgrep-scribd semgrep-scribd[bot] semgrep-scribd[bot] left review comments

@kamranf kamranf kamranf approved these changes

@terranisu terranisu terranisu left review comments

@charlesging charlesging charlesging left review comments

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kristianmills @kamranf @terranisu @charlesging