chore: bump action runtime to node24 (v0 backport)#116
Merged
Conversation
ronens88
added a commit
that referenced
this pull request
May 8, 2026
The v0 maintenance branch needs CI gating for backports like the node24 bump (#116). Without this, PRs into release/v0 silently skip the verify suite. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Backport of #115 to the v0 line. GitHub forces Node 24 on runners June 2 and removes Node 20 support September 16, after which the action would fail to start on Node-20-pinned runtimes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ronens88
force-pushed
the
chore/node24-bump-v0
branch
from
f246913 to
419614f
Compare
RoniCycode
approved these changes
May 10, 2026
ronens88
added a commit
that referenced
this pull request
May 16, 2026
…38 upgrade (#118) * ci: trigger verify-pr on PRs targeting release/v0 The v0 maintenance branch needs CI gating for backports like the node24 bump (#116). Without this, PRs into release/v0 silently skip the verify suite. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: bump action runtime to node24 Backport of #115 to the v0 line. GitHub forces Node 24 on runners June 2 and removes Node 20 support September 16, after which the action would fail to start on Node-20-pinned runtimes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(attest): Windows support in cimon-action/attest When process.platform is win32 the action now fetches the cimon_windows_x86_64.zip release asset from cycodelabs/cimon-releases (rather than the Linux-only install.sh), extracts it to RUNNER_TEMP/cimon, and invokes the resulting cimon.exe. Linux path is unchanged. Adds @actions/tool-cache and @actions/http-client deps for cross-platform download + zip extraction. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * build(attest): upgrade ncc to 0.38.4 for proper ESM/CJS interop on Node 24 * fix(attest): authenticate the latest-release lookup on Windows The Windows path called https://api.github.com/repos/cycodelabs/cimon-releases/releases/latest unauthenticated, which uses GitHub's per-IP REST limit (60 req/h). Busy self-hosted runner fleets behind one egress IP can blow through that and fail before cimon.exe is downloaded. The action already accepts github-token (defaults to github.token); plumb it through to the latest-release lookup as Bearer auth and pass it to tc.downloadTool so private mirrors work too. Warn if no token is present. Reported by review on PR #118. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
v0.10.0tag.using: node20→using: node24inaction.ymlandattest/action.yml.@v0/@v0.10.0break on September 16, 2026 when GitHub removes Node 20 support.Why a v0 backport
@v0may be on v0 deliberately (haven't validated v1 hardening behavior, or v1 conflicts with their setup). Forcing them to v1 just to get a Node bump would couple the two changes unfairly.Test plan
verify-prworkflow passes on this PRv0.10.1onrelease/v0, move floatingv0tag