scylladb

mirrors/scylladb

Fork 0

mirror of https://github.com/scylladb/scylladb.git synced 2026-05-23 08:12:08 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Roy Dahan	d2d7604188	ci: pin GitHub Actions to commit SHAs and migrate to Node.js 24 Pin all external GitHub Actions to full commit SHAs and upgrade to their latest major versions to reduce supply chain attack surface: - actions/checkout: v3/v4/v5 -> v6.0.2 - actions/github-script: v7 -> v8.0.0 - actions/setup-python: v5 -> v6.2.0 - actions/upload-artifact: v4 -> v7.0.0 - astral-sh/setup-uv: v6 -> v8.0.0 - mheap/github-action-required-labels: v5.5.2 (pinned) - redhat-plumbers-in-action/differential-shellcheck: v5.5.6 (pinned) - codespell-project/actions-codespell: v2.2 (pinned, was @master) Set FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true in all 21 workflows that use JavaScript-based actions to opt into the Node.js 24 runtime now. This resolves the deprecation warning: "Node.js 20 actions are deprecated. Please check if updated versions of these actions are available that support Node.js 24. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026." See: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/ scylladb/github-automation references are intentionally left at @main as they are org-internal reusable workflows. Fixes: SCYLLADB-1410 Backport: Backport is required for live branches that run GH actions: 2026.1, 2025.4, 2025.1 and 2024.1 Closes scylladb/scylladb#29421	2026-04-16 13:03:33 +03:00
Kefu Chai	04acf8b075	.github: Add differential-shellcheck workflow for shell script analysis Introduce a new GitHub workflow to run shellcheck on changed shell scripts. This workflow automatically detect and highlight potential shell script issues in pull requests. This change is a follow-up to commit `0700b322` which fixed an undefined variable issue in `install.sh`. It intends to leverage static analysis to improve script quality and catch potential errors early. Shellcheck will now: - Analyze all shell scripts modified in pull requests - Provide inline comments with specific issue details - Help prevent similar variable-related mistakes in the future See also https://github.com/redhat-plumbers-in-action/differential-shellcheck Signed-off-by: Kefu Chai <kefu.chai@scylladb.com> Closes scylladb/scylladb#21755	2024-12-04 13:34:53 +02:00

Roy Dahan

d2d7604188

ci: pin GitHub Actions to commit SHAs and migrate to Node.js 24

Pin all external GitHub Actions to full commit SHAs and upgrade to
their latest major versions to reduce supply chain attack surface:

- actions/checkout: v3/v4/v5 -> v6.0.2
- actions/github-script: v7 -> v8.0.0
- actions/setup-python: v5 -> v6.2.0
- actions/upload-artifact: v4 -> v7.0.0
- astral-sh/setup-uv: v6 -> v8.0.0
- mheap/github-action-required-labels: v5.5.2 (pinned)
- redhat-plumbers-in-action/differential-shellcheck: v5.5.6 (pinned)
- codespell-project/actions-codespell: v2.2 (pinned, was @master)

Set FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true in all 21 workflows that
use JavaScript-based actions to opt into the Node.js 24 runtime now.
This resolves the deprecation warning:

  "Node.js 20 actions are deprecated. Please check if updated versions
   of these actions are available that support Node.js 24. Actions will
   be forced to run with Node.js 24 by default starting June 2nd,
   2026. Node.js 20 will be removed from the runner on September 16th,
   2026."

See: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

scylladb/github-automation references are intentionally left at @main
as they are org-internal reusable workflows.

Fixes: SCYLLADB-1410

Backport: Backport is required for live branches that run GH actions:
2026.1, 2025.4, 2025.1 and 2024.1

Closes scylladb/scylladb#29421

2026-04-16 13:03:33 +03:00

Kefu Chai

04acf8b075

.github: Add differential-shellcheck workflow for shell script analysis

Introduce a new GitHub workflow to run shellcheck on changed shell
scripts. This workflow automatically detect and highlight potential
shell script issues in pull requests. This change is a follow-up to
commit 0700b322 which fixed an undefined variable issue in `install.sh`.
It intends to leverage static analysis to improve script quality and
catch potential errors early.

Shellcheck will now:
- Analyze all shell scripts modified in pull requests
- Provide inline comments with specific issue details
- Help prevent similar variable-related mistakes in the future

See also
https://github.com/redhat-plumbers-in-action/differential-shellcheck

Signed-off-by: Kefu Chai <kefu.chai@scylladb.com>

Closes scylladb/scylladb#21755

2024-12-04 13:34:53 +02:00

2 Commits