Skip to content

MOBILE-121: Bump GitHub Actions to supported Node runtimes#201

Merged
sergeysozinov merged 4 commits into
developfrom
feature/MOBILE-121
Jun 17, 2026
Merged

MOBILE-121: Bump GitHub Actions to supported Node runtimes#201
sergeysozinov merged 4 commits into
developfrom
feature/MOBILE-121

Conversation

@sergeysozinov

@sergeysozinov sergeysozinov commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator

https://tracker.yandex.ru/MOBILE-121

What changed

  • Bumped all actions to current majors and pinned them by SHA: checkout v6,
    setup-java v5, github-script v9, find-comment v4, create-or-update-comment v5,
    gitleaks-action v3, subosito/flutter-action v2.23.0, plus the docker actions
    (sakebook pub-publisher, jackbilestech/semver-compare) pinned at their current
    versions.
  • Releases: replaced the archived actions/create-release@v1 with
    gh release create --target "$branch", extracted into a shared
    .github/git-release-ci.sh helper (same approach as android-sdk/ios-sdk) called
    once per published package. The script is idempotent (skips an already-published
    tag) and sets the release notes to link to the
    Flutter SDK docs. This removes
    the last third-party release action — gh is pre-installed on the runner, so
    there's nothing left to pin or bump for release creation.
  • Replaced deprecated ::set-output with $GITHUB_OUTPUT (×3).
  • Removed the unused message-to-loop-if-success job (LOOP notifications are no
    longer used).
  • Added .github/dependabot.yml (github-actions, weekly, grouped) to keep action
    versions current automatically.
  • Minor cleanup: dropped the broken issue_comment trigger in
    pr-description-validate.yml (re-validation is already handled by
    pull_request: edited); hardened the local release helper scripts.

@sergeysozinov sergeysozinov requested a review from Copilot June 17, 2026 09:23
Copilot AI reviewed Jun 17, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repo’s GitHub Actions workflows and helper scripts to use supported Node runtimes by bumping actions to current majors, pinning them by SHA, and replacing the archived release action with a gh-based release helper.

Changes:

  • Bumped/pinned GitHub Actions (e.g., checkout, setup-java, github-script, gitleaks) and replaced deprecated ::set-output usages with $GITHUB_OUTPUT.
  • Replaced actions/create-release with an idempotent .github/git-release-ci.sh wrapper around gh release create.
  • Added Dependabot configuration for weekly GitHub Actions updates and tightened workflow permissions/secrets wiring.

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
version-update.sh Hardens the script (strict mode) used to update README dependency version.
git-release-branch.sh Hardens local release-branch helper (strict mode, safer read, quoting).
.github/workflows/release-version-check.yml Pins actions by SHA and tightens conditions/env usage for version checks.
.github/workflows/publish-reusable.yml Refactors publishing workflow to use gh release helper; replaces set-output; adjusts permissions/secrets.
.github/workflows/publish-manual.yml Updates permissions and explicitly passes required secrets into the reusable publish workflow.
.github/workflows/publish-from-master-or-support.yml Updates permissions and explicitly passes required secrets into the reusable publish workflow.
.github/workflows/publish-dry-run.yml Pins actions by SHA and adds minimal permissions.
.github/workflows/pr-description-validate.yml Removes unused issue_comment trigger; pins actions; scopes permissions for commenting.
.github/workflows/manual-prepare_release_branch.yml Hardens validation/branch existence checks; improves env handling; pins checkout.
.github/workflows/gitleaks-secrets-validate.yml Pins checkout and gitleaks action; adds minimal permissions.
.github/workflows/distribute-reusable.yml Pins checkout; hardens multiline env export to $GITHUB_ENV.
.github/workflows/distribute-release-support-mission.yml Removes secrets: inherit in favor of explicit secret mapping; adds permissions.
.github/workflows/distribute-manual.yml Removes secrets: inherit in favor of explicit secret mapping; adds permissions.
.github/workflows/distribute-develop-mission.yml Removes secrets: inherit in favor of explicit secret mapping; adds permissions.
.github/workflows/analyze_and_test.yml Pins actions; bumps Java setup action and sets Java 17.
.github/git-release-ci.sh New helper to create GitHub releases via gh, idempotently.
.github/dependabot.yml New Dependabot config to keep GitHub Actions dependencies updated.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread version-update.sh Outdated
Comment thread .github/git-release-ci.sh Outdated
@sergeysozinov sergeysozinov requested a review from justSmK June 17, 2026 10:40
@sergeysozinov sergeysozinov merged commit d922499 into develop Jun 17, 2026
9 checks passed
@sergeysozinov sergeysozinov deleted the feature/MOBILE-121 branch June 17, 2026 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@justSmK justSmK justSmK approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sergeysozinov @justSmK