Clean up CI labels and Node 24 workflow settings

Author: maureeungaro

.github/workflows/binary_tarballs.yml

@@ -5,6 +5,9 @@ permissions:
   actions: read
   contents: write
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
 concurrency:
   group: gemc-binary-tarballs-${{ github.event.workflow_run.id || github.ref }}
   cancel-in-progress: true

.github/workflows/codeql.yml

@@ -1,5 +1,8 @@
 name: "CodeQL Advanced"
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
 on:
   push:
     branches: [ "main" ]
@@ -29,9 +32,6 @@ jobs:
     #   - https://gh.io/using-larger-runners (GitHub.com only)
     # Consider using larger runners or machines with greater resources for possible analysis time improvements.
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
-    # Use a container with G4 installed
-    container: ghcr.io/gemc/g4install:11.4.0-ubuntu-24.04
-
     permissions:
       # required for all workflows
       security-events: write
@@ -50,7 +50,7 @@ jobs:
           - language: actions
             build-mode: none
           - language: c-cpp
-            build-mode: manual
+            build-mode: none
           - language: python
             build-mode: none
         # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
@@ -99,30 +99,6 @@ jobs:
           # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           # queries: security-extended,security-and-quality
 
-      # If the analyze step fails for one of the languages you are analyzing with
-      # "We were unable to automatically build your code", modify the matrix above
-      # to set the build mode to "manual" for that language. Then modify this step
-      # to build your code.
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-      - if: matrix.build-mode == 'manual'
-        shell: bash
-        env:
-          GEMC_SKIP_PYTHON_ENV_INSTALL: "1"
-        run: |
-          echo "Starting manual build for CodeQL..."
-
-          apt-get update
-          apt-get install -y python3-venv
-
-          export DOCKER_ENTRYPOINT_SOURCE_ONLY=1
-          . /usr/local/bin/docker-entrypoint.sh
-          module load geant4
-
-          ./ci/build.sh
-
-          echo "Manual build finished."
-
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v4
         env:

.github/workflows/dockers_deploy_and_test.yml

@@ -8,6 +8,7 @@ permissions:
 env:
   GEMC_TAG: dev           # default gemc tag
   GEANT4_TAG: 11.4.1      # default geant4 tag
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 
 concurrency:
   group: gemc-images-${{ github.ref }}
@@ -71,7 +72,7 @@ jobs:
   # uses matrix_build
   build_arch:
     if: ${{ github.event_name != 'pull_request' }}
-    name: ${{ matrix.gemc_tag }} [${{ matrix.image }}/${{ matrix.image_tag }} ${{ matrix.arch }}]
+    name: ${{ matrix.image }}/${{ matrix.image_tag }} ${{ matrix.arch }}
     needs: [ overview, discover ]
     runs-on: ${{ matrix.runner }}
     strategy:
@@ -205,7 +206,7 @@ jobs:
   # from already-pushed per-arch image tags.
   manifest:
     if: ${{ github.event_name != 'pull_request' }}
-    name: ${{ matrix.gemc_tag }} [${{ matrix.image }}/${{ matrix.image_tag }}]
+    name: ${{ matrix.image }}/${{ matrix.image_tag }}
     needs: [ build_arch, discover ]
     runs-on: ubuntu-latest
     # If arm64 was skipped (e.g., archlinux), still publish amd64-only manifest.

.github/workflows/doxygen.yml

@@ -3,6 +3,9 @@ permissions:
   contents: read
   pull-requests: write
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
 on:
   push:
     branches:
@@ -34,6 +37,7 @@ jobs:
   deploy-doxygen:
     needs: build-doxygen
     permissions:
+      actions: read
       pages: write
       id-token: write
     environment:

.github/workflows/sanitize.yml

@@ -2,6 +2,9 @@ name: Sanitize
 permissions:
   contents: read
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
 concurrency:
   group: sanitize-${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -56,7 +59,7 @@ jobs:
           echo '${{ steps.scan.outputs.matrix_sanitize }}'
 
   build-with-sanitizer:
-    name: ${{ matrix.gemc_tag }} [${{ matrix.baseos }}/${{ matrix.baseos_tag }} ${{ matrix.arch }}] ${{ matrix.sanitizer }}
+    name: ${{ matrix.baseos }}/${{ matrix.baseos_tag }} ${{ matrix.arch }} ${{ matrix.sanitizer }}
     needs: [ discover ]
     strategy:
       fail-fast: false

releases/0.3.md

@@ -16,6 +16,9 @@ This version includes:
   images using runtime packages only. These tests install Geant4 datasets into
   the unpacked tarball and run `gemc -v` plus smoke tests after the tarballs are
   attached to the `dev` release.
+- Cleaned up CI job labels, opted JavaScript-based workflow actions into
+  Node.js 24, and adjusted CodeQL to avoid the Actions overlay-base fallback
+  warning.
 - Isolated ROOT linkage to the ROOT gstreamer plugin so the main `gemc`
   executable can run without ROOT shared libraries.
 - Removed the need for GEMC-specific environment variables in Python example
@@ -44,7 +47,7 @@ This version includes:
 - Updated the Cherenkov homepage documentation for the neutral radiator
   variations and one-electron quick workflow.
 - Updated the Cherenkov example documentation to use a one-electron quick
-  workflow and to note that demonstration optical constants may be unphysical.
+  workflow and to note that optical constants may be unphysical in the demo. 
 
 <br/>
 
@@ -53,6 +56,9 @@ This version includes:
 - Added a `Binary Tarballs` workflow that uploads deploy-produced tarballs to
   the `dev` release and then tests those release assets. It can also run the
   same install checks on a nightly schedule or by manual dispatch.
+- Removed redundant `dev` prefixes from deploy and sanitizer matrix job names.
+- Updated CodeQL to use `build-mode: none` for all analyzed languages and
+  removed the manual Geant4 container build from the analysis workflow.
 - Added analyzer coverage in `pygemc` for y-vs-x plotting and CLI image output.
 
 <br/>