Skip to content

chore: bump checkout@v2->v4 and setup-python@v1->v5#60

Merged
ErikBjare merged 1 commit into
masterfrom
chore/bump-ci-actions
Jul 11, 2026
Merged

chore: bump checkout@v2->v4 and setup-python@v1->v5#60
ErikBjare merged 1 commit into
masterfrom
chore/bump-ci-actions

Conversation

@ErikBjare

Copy link
Copy Markdown
Member

Both actions were being forced onto Node 24 with deprecation warnings (Node 20 is EOL on GitHub runners). No behavior change; persist-credentials: false retained so the deploy step keeps using its own token.

Both were forced onto Node 24 with deprecation warnings (Node 20 EOL on
GitHub runners). persist-credentials: false is retained so the deploy step
keeps using its own token.
@ErikBjare ErikBjare merged commit 5c18473 into master Jul 11, 2026
2 checks passed
@ErikBjare ErikBjare deleted the chore/bump-ci-actions branch July 11, 2026 23:36

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ef9cc04549

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

steps:
- name: Checkout 🛎️
uses: actions/checkout@v2 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly.
uses: actions/checkout@v4 # persist-credentials must be false so the deploy step below uses its own token, not the checkout credentials.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the Node 24 checkout action

This workflow is being updated to address the Node 20 deprecation, but actions/checkout@v4 still declares runs.using: node20 in its action metadata; the Node 24-compatible release is actions/checkout@v5. In scheduled/master deploy runs this will continue to emit the same Node 20 warning and leaves the checkout step exposed to the planned Node 20 runner removal, so this line should be bumped to actions/checkout@v5 instead.

Useful? React with 👍 / 👎.


- name: Setup Python
uses: actions/setup-python@v1
uses: actions/setup-python@v5

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use the Node 24 setup-python action

actions/setup-python@v5 also still declares runs.using: node20 in its action metadata; the Node 24-compatible release is actions/setup-python@v6. Since this workflow's Python setup runs on every scheduled/push build, the current bump does not actually remove the Node 20 deprecation exposure for this step, so it should target actions/setup-python@v6.

Useful? React with 👍 / 👎.

@greptile-apps

greptile-apps Bot commented Jul 11, 2026

Copy link
Copy Markdown

Greptile Summary

This PR updates the Pages workflow action versions. The main changes are:

  • actions/checkout moves from v2 to v4.
  • actions/setup-python moves from v1 to v5.
  • Checkout still disables persisted credentials for the deploy step.

Confidence Score: 5/5

This looks safe to merge after considering a small workflow hardening note.

  • The configured action inputs remain supported by the newer actions.
  • Python 3.12 is still selected explicitly for the workflow.
  • The remaining concern is limited to checkout post-job cleanup when recursive submodule state is unexpected.

Important Files Changed

Filename Overview
.github/workflows/pages.yml Updates GitHub Actions versions for checkout and Python setup while keeping the existing workflow inputs.

Reviews (1): Last reviewed commit: "chore: bump checkout@v2->v4 and setup-py..." | Re-trigger Greptile

steps:
- name: Checkout 🛎️
uses: actions/checkout@v2 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly.
uses: actions/checkout@v4 # persist-credentials must be false so the deploy step below uses its own token, not the checkout credentials.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Submodule Cleanup Can Fail

When checkout@v4 runs with submodules: 'recursive' and persist-credentials: false, the checkout action still performs submodule credential cleanup in its post-job step. If the submodule worktree or .gitmodules state is not available in the shape that cleanup expects, the build and deploy can finish successfully but the workflow can still fail during post-job cleanup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant