You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Merge the "release/v2.2.0+node25.9.0" branch into the "maintenance/v2+node25" branch
This merge promotes `release/v2.2.0+node25.9.0` into `maintenance/v2+node25`, marking the next minor release on the Node.js 25 maintenance line. It consolidates five development cycles: the Node.js base image bump from `25.8.2` to `25.9.0`, the PR test workflow move from Docker Hub-pushed images to OCI artifact handoff, the `docker/build-push-action` upgrade to `v7` in both workflows, the release workflow attestation update to signed `mode=max` provenance and SBOM output, and documentation updates aligning examples and CI/CD tooling references with the current release state.
In `Dockerfile`, the builder stage base image is updated from `node:25.8.2-alpine3.23` to `node:25.9.0-alpine3.23`, bumping the bundled Node.js runtime from `25.8.2` to `25.9.0`. In `.github/workflows/pr-tests.yml`, the PR image flow no longer pushes test images to Docker Hub; `Build Image` changes from `push: true` to `push: false` with `outputs: type=oci,dest=image.tar`, a new `Upload Docker Image Artifact` step persists the OCI archive, `Download Docker Image Artifact` and `Extract single-arch image with Skopeo` load per-architecture images for the test matrix, all smoke and integrity checks now target the locally extracted per-architecture image tags, and a new `artifact-clean-up` job removes the uploaded artifact after testing completes. The same workflow also updates `uses: docker/build-push-action@v6` to `uses: docker/build-push-action@v7` in `Build Image`, while `.github/workflows/deployment.yml` updates `uses: docker/build-push-action@v5` to `uses: docker/build-push-action@v7` in `Build and push (multi-registry, multi-platform)`.
In `.github/workflows/deployment.yml`, the top-level `permissions:` block now adds `id-token: write` so the release job can mint the OIDC token required for attestation signing, and the multi-platform build step replaces `provenance: true` and `sbom: true` with `attests:` entries `type=provenance,mode=max` and `type=sbom,mode=max`. In `CONTRIBUTING.md`, the Node.js Version Bumps example is updated from `node:25.8.2-alpine3.23` to `node:25.9.0-alpine3.23`. In `README.md`, the Versioning and Tags example is updated from `v2.1.3+node25.8.2` to `v2.2.0+node25.9.0`, and the `CI/CD & Build Tooling` section adds `actions/upload-artifact`, `actions/download-artifact`, `geekyeggo/delete-artifact`, `chrnorm/deployment-action`, and `chrnorm/deployment-status`.
No migration steps are required beyond updating to `v2.2.0+node25.9.0` on the `maintenance/v2+node25` line.
Copy file name to clipboardExpand all lines: CONTRIBUTING.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -78,7 +78,7 @@ All pull requests must:
78
78
79
79
## Node.js Version Bumps
80
80
81
-
Node.js version upgrades are tracked as versioned releases. Requests must include the official Alpine Node image tag (for example, `node:25.8.2-alpine3.23`) and are expected to trigger a semver release bump for the image.
81
+
Node.js version upgrades are tracked as versioned releases. Requests must include the official Alpine Node image tag (for example, `node:25.9.0-alpine3.23`) and are expected to trigger a semver release bump for the image.
Check the GitHub Releases page for the current tag and Node.js version.
@@ -243,6 +243,16 @@ Runtime Node exists because of a small set of outstanding open-source projects t
243
243
244
244
[**actions/checkout**](https://github.com/actions/checkout) — GitHub Action used to check out the repository code in every workflow job.
245
245
246
+
[**actions/upload-artifact**](https://github.com/actions/upload-artifact) — GitHub Action used to persist build artifacts between workflow jobs during validation.
247
+
248
+
[**actions/download-artifact**](https://github.com/actions/download-artifact) — GitHub Action used to retrieve previously uploaded build artifacts for later verification steps.
249
+
250
+
[**geekyeggo/delete-artifact**](https://github.com/geekyeggo/delete-artifact) — GitHub Action used to clean up temporary workflow artifacts after validation completes.
251
+
252
+
[**chrnorm/deployment-action**](https://github.com/chrnorm/deployment-action) — GitHub Action used to create GitHub Deployment records for release and promotion workflow runs.
253
+
254
+
[**chrnorm/deployment-status**](https://github.com/chrnorm/deployment-status) — GitHub Action used to publish in-progress, success, and failure states back to the associated GitHub Deployment.
0 commit comments