feat: add automated Node.js version management workflow #4026
Pull Request Overview
This PR introduces an automated workflow to keep Node.js versions current by detecting new LTS releases and creating pull requests with necessary updates.
- Automated Node.js version management for both Node 20.x and 24.x LTS versions
- Weekly scheduling with manual trigger support and smart change detection
- Automated PR creation with proper documentation and reminders for alpine_nodejs releases
.github/workflows/node-upgrade.yml
Outdated
| id: node-versions | ||
| run: | | ||
| # Get latest versions from the versions manifest | ||
| VERSIONS_JSON=$(curl -s https://github.com/actions/node-versions/main/versions-manifest.json) |
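Review bot: The URL on the curl line uses the github.com host with the path /actions/node-versions/main/versions-manifest.json, which is not a raw-file address (those take the form raw.githubusercontent.com/OWNER/REPO/REF/PATH), so the request is likely to return an HTML error page rather than the manifest. With only -s, curl exits 0 on an HTTP error and VERSIONS_JSON silently holds that body. Point the fetch at the raw-content URL, add --fail and --max-time, and check that every version taken from the manifest matches a strict MAJOR.MINOR.PATCH pattern before it is used anywhere else in the step.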
Copilot
AI
Sep 9, 2025
The curl command lacks error handling. If the API is unavailable or returns invalid JSON, the workflow will fail silently or produce unexpected results. Consider adding error checking with curl -f flag and validating the JSON response.
| VERSIONS_JSON=$(curl -s https://github.com/actions/node-versions/main/versions-manifest.json) | |
| VERSIONS_JSON=$(curl -sf https://github.com/actions/node-versions/main/versions-manifest.json) || { echo "Error: Failed to fetch Node versions manifest."; exit 1; } | |
| # Validate that the fetched content is valid JSON | |
| echo "$VERSIONS_JSON" | jq empty || { echo "Error: Fetched manifest is not valid JSON."; exit 1; } |
| CURRENT_NODE20=$(grep "NODE20_VERSION=" src/Misc/externals.sh | cut -d'"' -f2) | ||
| CURRENT_NODE24=$(grep "NODE24_VERSION=" src/Misc/externals.sh | cut -d'"' -f2) |
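Review bot: Both grep patterns are unanchored, so "NODE20_VERSION=" also matches a commented-out assignment or any line that merely contains the string, and more than one match leaves a multi-line value in CURRENT_NODE20 (the same holds for CURRENT_NODE24). Anchor the pattern to the start of the assignment (^NODE20_VERSION=), fail the step unless exactly one line matches, and reject a value that is not of the form MAJOR.MINOR.PATCH before comparing it with the latest version.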
Copilot
AI
Sep 9, 2025
The grep commands could fail if the NODE20_VERSION or NODE24_VERSION variables don't exist in externals.sh, causing the workflow to fail. Add error handling or use grep with the -o flag to ensure proper extraction.
| CURRENT_NODE20=$(grep "NODE20_VERSION=" src/Misc/externals.sh | cut -d'"' -f2) | |
| CURRENT_NODE24=$(grep "NODE24_VERSION=" src/Misc/externals.sh | cut -d'"' -f2) | |
| CURRENT_NODE20=$(grep -oP 'NODE20_VERSION="\K[^"]+' src/Misc/externals.sh || true) | |
| CURRENT_NODE24=$(grep -oP 'NODE24_VERSION="\K[^"]+' src/Misc/externals.sh || true) |
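Review bot: The "|| true" at the end of the two suggested lines turns a missing variable into an empty CURRENT_NODE20 or CURRENT_NODE24 with a zero exit status, so the step carries on with an empty string instead of stopping. Drop "|| true" and exit with an explicit error when either value is empty. Note also that -P requires a grep built with PCRE support.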
## NPM Audit Fix with TypeScript Auto-Repair

- Automated security vulnerability detection and fixes for hashFiles dependencies
- Intelligent TypeScript compatibility auto-repair after npm updates
- Graduated response strategy for different vulnerability severities
- Weekly schedule (Mondays at 7 AM) plus manual triggers

## Key Features

- ✅ **Security-focused**: Only creates PRs when moderate+ vulnerabilities found
- ✅ **TypeScript auto-repair**: Fixes @types/node compatibility issues automatically
- ✅ **Multi-step recovery**: Clean reinstall, dependency resolution, build verification
- ✅ **Graduated response**: force-fix for critical/high vulnerabilities only
- ✅ **Build validation**: Ensures code compiles after automated fixes
- ✅ **Enhanced PR details**: Shows audit status, fixes applied, build status

## Security Enhancements

- ✅ **Proper error handling**: No vulnerability masking with '|| true'
- ✅ **Transparent reporting**: Clear distinction between success/partial/failed states
- ✅ **Audit level checking**: moderate, high, critical severity handling
- ✅ **Force-fix safety**: Only for critical/high vulnerabilities

## Dependencies

- **Requires**: Labels from actions#4024 (dependency, security, typescript, needs-manual-review)
- **Integrates with**: Monitoring from actions#4025
- **Complements**: Node version management from actions#4026

This workflow ensures npm dependencies stay secure while maintaining TypeScript compatibility and build stability.
.github/workflows/node-upgrade.yml
Outdated
| id: node-versions | ||
| run: | | ||
| # Get latest versions from the versions manifest | ||
| VERSIONS_JSON=$(curl -s https://github.com/actions/node-versions/main/versions-manifest.json) |
I think we should use https://github.com/actions/alpine_nodejs/releases and https://github.com/nodejs/node/releases to help decide which version is good for us.
Good point, updated
.github/workflows/node-upgrade.yml
Outdated
| ALPINE_RELEASES=$(curl -s https://api.github.com/repos/actions/alpine_nodejs/releases | jq -r '.[].tag_name') | ||
|
|
||
| if ! echo "$ALPINE_RELEASES" | grep -q "^node20-$LATEST_NODE20$"; then | ||
| echo "Warning: Node 20 version $LATEST_NODE20 not found in alpine_nodejs releases" |
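Review bot: In the grep -q test, $LATEST_NODE20 is interpolated into a regular expression, so the dots in a version match any character and a value containing regex metacharacters changes what is matched. Use grep -Fxq -- "node20-$LATEST_NODE20" for a literal whole-line comparison. On the curl line that fills ALPINE_RELEASES, -s without --fail means an error response from the API is piped straight into jq and ALPINE_RELEASES does not hold a tag list, which makes this warning fire regardless of the version; add --fail and stop the step when the list is empty.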
should we use the warning command?
ex:
echo "::warning file=app.js,line=1,col=5,endColumn=7,title=YOUR-TITLE::Missing semicolon"
updated
## Node.js Version Upgrade Workflow

- Automatically checks for latest Node 20.x and 24.x versions
- Updates NODE20_VERSION and NODE24_VERSION in src/Misc/externals.sh
- Creates PRs when newer versions are available
- Weekly schedule (Mondays at 6 AM) plus manual triggers

## Key Features

- ✅ Dual Node version support (Node 20 LTS + Node 24 LTS)
- ✅ Fetches versions from actions/node-versions manifest
- ✅ Smart change detection (only creates PR if versions differ)
- ✅ Proper git operations with --no-verify for automated commits
- ✅ Includes alpine_nodejs release reminder for manual follow-up

## Dependencies

- Requires dependency labels from actions#4024
- Works with monitoring from actions#4025

This workflow ensures the runner stays current with supported Node.js versions while maintaining dual-version compatibility.
## Enhanced Version Detection Strategy

- **Primary source**: Official Node.js GitHub releases API
- **Compatibility check**: Verify versions exist in alpine_nodejs releases
- **Smart fallback**: Use latest available alpine version if official version not ready

## Key Improvements

- ✅ More reliable than third-party versions manifest
- ✅ Ensures alpine_nodejs compatibility before updating
- ✅ Prevents workflow failures from version mismatches
- ✅ Better logging and error handling
- ✅ Uses official GitHub APIs for both Node.js and alpine_nodejs

## Sources Used

- Node.js releases: https://github.com/nodejs/node/releases
- Alpine compatibility: https://github.com/actions/alpine_nodejs/releases

This approach provides better control and reliability for Node.js version management while ensuring container compatibility.
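The selection strategy described in the commit message above (official release, alpine_nodejs compatibility check, fallback), sketched as an added example that is not part of the PR's workflow. The tag lists are constructed sample data, and `versions_for` and `select_version` are hypothetical names.

```shell
# Added example, not the PR's workflow code. Tag lists are constructed sample
# data standing in for the nodejs/node and actions/alpine_nodejs release feeds.
NODE_TAGS='v24.1.0
v20.19.5
v20.19.4
v20.99.0"; echo injected
v18.20.8'
ALPINE_TAGS='node20-20.19.4
node20-20.19.3
node24-24.1.0'

# versions_for MAJOR PREFIX TAGS
# Prints, oldest first, every tag that is exactly PREFIX + MAJOR.MINOR.PATCH.
# Anything else (pre-releases, malformed or hostile strings) is dropped, so
# only validated version strings ever reach the caller.
versions_for() {
  printf '%s\n' "$3" |
    sed -n "s/^$2\($1\.[0-9][0-9]*\.[0-9][0-9]*\)\$/\1/p" |
    sort -t. -k1,1n -k2,2n -k3,3n
}

# select_version MAJOR
# Prints the version to pin: the newest official release if alpine_nodejs has
# a matching build, otherwise the newest alpine_nodejs build for that major.
# Returns 1 when alpine_nodejs has no build for the major at all.
select_version() {
  official=$(versions_for "$1" "v" "$NODE_TAGS" | tail -n 1)
  alpine=$(versions_for "$1" "node$1-" "$ALPINE_TAGS")
  [ -n "$alpine" ] || return 1
  # -F: fixed string, so dots are literal; -x: whole-line match only.
  if [ -n "$official" ] && printf '%s\n' "$alpine" | grep -Fxq -- "$official"; then
    printf '%s\n' "$official"
  else
    # Diagnostic goes to stderr so that stdout carries only the version.
    echo "::warning title=Node $1::${official:-no official release} not in alpine_nodejs, using fallback" >&2
    printf '%s\n' "$alpine" | tail -n 1
  fi
}
```

With the sample data, Node 20 falls back to 20.19.4 because 20.19.5 has no alpine_nodejs build yet, and the malformed tag never reaches the comparison.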
27c5605 to f32279f
Overview
This PR adds automated Node.js version management to keep the runner current with the latest LTS versions.
What's Added
🔄 Node.js Version Upgrade Workflow (.github/workflows/node-upgrade.yml)
NODE20_VERSION and NODE24_VERSION in src/Misc/externals.sh
Key Features
Dependencies
dependency label)
Testing
Next Steps
This ensures the runner stays current with supported Node.js versions while maintaining dual-version compatibility for GitHub Actions.