[v4] Upgrade Node.js runtime from v20 to v24 #3169
This requires creating a new major-version (v4) of codeql-action.
I got ahead of myself; v4 hasn't been tagged yet.
1a2ce7a to d4b5380
Pull Request Overview
This PR upgrades the CodeQL Action's Node.js runtime from v20 to v24 for the upcoming v4 release. This represents a major runtime upgrade to modernize the action's execution environment.
Key changes:
- Updated all action.yml files to use Node.js v24 runtime instead of v20
- Updated package.json and build configuration to target Node.js v24
- Updated test fixtures and documentation to reference v4 instead of v3
- Modified CI workflows to test on both Node.js 20 and 24 versions
Reviewed Changes
Copilot reviewed 30 out of 32 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| action.yml files | Updated runtime specification from node20 to node24 for all actions |
| package.json | Updated version to 4.30.6 and @types/node to v24.5.2 |
| lib/*.js files | Generated JavaScript files updated with new version and Node.js target |
| test files | Updated test fixtures to use v4 action references instead of v3 |
| build.mjs | Updated esbuild target from node20 to node24 |
| workflow files | Updated CI to test on both Node.js 20 and 24 versions |
| documentation | Updated README and CONTRIBUTING to reflect v4 support and Node.js 24 requirement |
Files not reviewed (1)
- package-lock.json: Language not supported
Looks great! I only have a very minor suggested change to the README.
Before merging this, we'll need to update the set of required checks — there are instructions on how to do that here: https://github.com/github/codeql-action/blob/main/CONTRIBUTING.md#keeping-the-pr-checks-up-to-date-admin-access-required
Co-authored-by: Henry Mercer <henrymercer@github.com>
LGTM, thanks for addressing my feedback and tackling this important work!
Let's hold off on merging this until Monday, and then kick off a release right after we merge.
Also, it looks like there are a couple of merge conflicts to solve. You'll probably need a re-approval after fixing them.
Weirdly, I don't see those merge conflicts:

```
mario-campos@G49XGKM6FH ~/codeql-action (mario-campos/node24)> git status
On branch mario-campos/node24
Your branch is up to date with 'origin/mario-campos/node24'.
nothing to commit, working tree clean
```
@mario-campos Have you run
```
# Conflicts:
# lib/analyze-action-post.js
# lib/analyze-action.js
# lib/autobuild-action.js
# lib/init-action-post.js
# lib/init-action.js
# lib/resolve-environment-action.js
# lib/start-proxy-action-post.js
# lib/start-proxy-action.js
# lib/upload-lib.js
# lib/upload-sarif-action-post.js
# lib/upload-sarif-action.js
# package-lock.json
# package.json
```
I think we're good to update the required checks (see these instructions) and kick off a release. Once the v4 release is merged, the release automation should open a backport from v4 to v3. That backport will bring in all the changes from v4, including the bump to
Risk assessment
For internal use only. Please select the risk level of this change:
v4 tag, once it's released; v3 should continue to work as-is.
Merge / deployment checklist