@grzanka grzanka commented Apr 24, 2025

This pull request includes updates to GitHub Actions workflows and a minor dependency version change in the buildPython.js file. The most important changes involve standardizing permissions across workflows, updating dependencies, and refining testing strategies.

Workflow Updates

  • Standardized permissions in workflows:

    • Added contents: read and packages: write permissions to .github/workflows/cleanup_closed_pr_packages.yaml and .github/workflows/packages_retention.yaml. These permissions are necessary for repository checkout and deleting packages from GHCR. [1] [2]
    • Added contents: read permissions to .github/workflows/manual_test.yml and .github/workflows/node.js.yml to support actions like checkout and reading repository content. [1] [2]
  • Refined testing strategies in manual_test.yml:

    • Removed the background start of the application on Windows and replaced it with a build step (npm run build). Adjusted conditional steps to ensure Ubuntu-specific tasks like starting the app and running tests are only executed on Ubuntu.
    • Reduced the matrix of Node.js versions to [20.x, 22.x] and Python versions to ['3.11', '3.12'] for more focused testing.
  • Updated Node.js version in node.js.yml:

    • Changed the Node.js version from 20.x to 22.x in the CI workflow for consistency with newer dependencies.

Dependency Updates

  • Updated Poetry version in buildPython.js:
    • Changed the Poetry dependency from a version range (~= 1.8.2) to a specific version (1.8.5) to ensure compatibility and stability.
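
An added example, not part of the pull request or the project's code: a small Node.js check for the condition the permission changes above address, namely a workflow whose jobs inherit the repository's default GITHUB_TOKEN permissions because no `permissions` key is set. The function name `jobsWithoutPermissions` and the sample workflows are constructed for illustration, and the scan assumes block-style YAML.

```javascript
// Added example (not the project's code). Lists jobs that inherit the default
// GITHUB_TOKEN scope; indentation-based scan of block-style YAML, not a full parser.
function jobsWithoutPermissions(workflowText) {
  let topLevel = false, inJobs = false, jobIndent = null, current = null;
  const jobs = [];
  for (const raw of workflowText.split(/\r?\n/)) {
    const line = raw.replace(/\s+#.*$/, '');            // drop trailing comments
    const text = line.trim();
    if (!text || text.startsWith('#')) continue;
    const indent = line.length - line.trimStart().length;
    const key = (text.match(/^([A-Za-z0-9_.-]+):/) || [])[1];
    if (indent === 0) {                                  // top-level key
      inJobs = key === 'jobs';
      topLevel = topLevel || key === 'permissions';
      current = null;
      continue;
    }
    if (!inJobs || !key) continue;                       // skips list items and other sections
    if (jobIndent === null) jobIndent = indent;          // first job id sets the level
    if (indent === jobIndent) {
      current = { name: key, keyIndent: null, hasPermissions: false };
      jobs.push(current);
    } else if (current) {
      if (current.keyIndent === null) current.keyIndent = indent;
      if (indent === current.keyIndent && key === 'permissions') current.hasPermissions = true;
    }
  }
  return topLevel ? [] : jobs.filter((j) => !j.hasPermissions).map((j) => j.name);
}

// Constructed sample workflows, not copied from the repository.
const NO_PERMISSIONS = `name: cleanup
on: pull_request
jobs:
  delete:
    runs-on: ubuntu-latest
`;
const MIXED = `name: ci
on: push
jobs:
  build:
    permissions:
      contents: read
    runs-on: ubuntu-latest
  publish:
    runs-on: ubuntu-latest
`;
const TOP_LEVEL = `permissions:\n  contents: read\n` + NO_PERMISSIONS;
console.log(jobsWithoutPermissions(NO_PERMISSIONS), jobsWithoutPermissions(MIXED));
```

A workflow-level `permissions` key covers every job, so `TOP_LEVEL` reports nothing, while `MIXED` reports only the job that lacks its own block.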

@grzanka grzanka linked an issue Apr 24, 2025 that may be closed by this pull request
1 task
@grzanka grzanka self-assigned this Apr 24, 2025
@grzanka grzanka requested a review from Copilot April 24, 2025 09:54

Copilot AI left a comment

Pull Request Overview

This PR updates the build and workflow configurations by updating the Node.js version to 22.x, adjusting GitHub Actions permissions and making a minor update to the Python build script.

  • Update of the Node.js version in workflows
  • Addition and adjustment of necessary permissions for GHCR package cleanup
  • Update of the poetry installation command in the Python build script

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| buildPython.js | Poetry installation command updated to install version 1.8.5 |
| .github/workflows/packages_retention.yaml | Added permissions for package retention cleanup actions |
| .github/workflows/node.js.yml | Updated Node.js version and refined permissions settings |
| .github/workflows/manual_test.yml | Updated test matrices and improved Windows command line invocation |
| .github/workflows/cleanup_closed_pr_packages.yaml | Added permissions for cleaning up closed PR packages |

Comments suppressed due to low confidence (1)

buildPython.js:93

  • The updated command for installing poetry changes from using a flexible version specifier ('~= 1.8.2') to an exact version pin ('== 1.8.5'). Please verify that this strict pinning is intentional and aligns with the project's dependency management strategy.
executeCommand(`${venvCommandPrefix} pip install "poetry==1.8.5" ${venvCommandSuffix}`);

@grzanka grzanka requested a review from Copilot April 24, 2025 11:36

Copilot AI left a comment

Pull Request Overview

This PR updates various build and workflow configurations to support Node.js version 22.x and to refine permissions for package management. Key changes include updating the Poetry installation version in the Python build script, adding and adjusting permissions in several GitHub workflow configuration files, and updating the Node.js version in the CI workflow.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| buildPython.js | Upgraded Poetry installation from version approximation to a strict version (1.8.5) |
| .github/workflows/packages_retention.yaml | Added permissions to support package deletion from the GitHub Container Registry |
| .github/workflows/node.js.yml | Updated to Node.js 22.x and adjusted global versus job-level permissions |
| .github/workflows/manual_test.yml | Revised test matrix and updated Windows test step command to "npm run build" |
| .github/workflows/cleanup_closed_pr_packages.yaml | Added permissions for cleaning up closed PR packages |

Comments suppressed due to low confidence (2)

.github/workflows/node.js.yml:66

  • Check if the removal of 'contents: read' from the job permissions in the Node.js workflow is intentional and that the global permissions sufficiently cover all required repository access.
# (removal of the duplicated 'contents: read' entry)

.github/workflows/manual_test.yml:47

  • Confirm that using 'npm run build' for the Windows test step is the desired behavior, replacing the previous background start command.
- name: Test application build on Windows

executeCommand(
`${venvCommandPrefix} pip install "poetry ~= 1.8.2" ${venvCommandSuffix}`
);
executeCommand(`${venvCommandPrefix} pip install "poetry==1.8.5" ${venvCommandSuffix}`);
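
Review bot: On the new `pip install "poetry==1.8.5"` line, only Poetry itself is pinned; pip still resolves Poetry's own dependencies at install time and nothing is hash-checked, so two builds can end up with different packages in the venv. Consider installing from a requirements or constraints file that lists the full set (with `--require-hashes` if hashes are recorded), and add a one-line comment saying why 1.8.5 was chosen so the pin is not bumped or loosened blindly.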

Copilot AI Apr 24, 2025

Verify that the strict version pin to poetry 1.8.5 is intentional, as the previous version approximation allowed compatible updates.

Suggested change
executeCommand(`${venvCommandPrefix} pip install "poetry==1.8.5" ${venvCommandSuffix}`);
// Using a version range to allow compatible updates while restricting major version changes.
executeCommand(`${venvCommandPrefix} pip install "poetry>=1.8,<2.0" ${venvCommandSuffix}`);
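
Review bot: The suggested range `poetry>=1.8,<2.0` is wider than the `~= 1.8.2` specifier this PR replaced: `~= 1.8.2` admits only 1.8.x releases from 1.8.2 upward, while the suggested range also admits 1.8.0, 1.8.1 and any 1.9.x release. If a range is preferred over the exact pin, `~= 1.8.5` keeps updates within 1.8.x at or above the version this PR installs.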

@grzanka grzanka merged commit 818465b into master Apr 24, 2025
17 checks passed
@grzanka grzanka deleted the 2046-fix-code-scanning-alert---workflow-does-not-contain-permissions branch April 24, 2025 11:53
Development

Successfully merging this pull request may close these issues.

Fix code scanning alert - Workflow does not contain permissions

2 participants