Awesome/awesome-copilot
1
0
Fork 0
mirror of https://github.com/github/awesome-copilot.git synced 2026-06-19 14:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5fe40f0b2d8c4b9b43effaa5a8af9dcbe0ca94af
awesome-copilot/skills/github-actions-runtime-upgrade-conventions/SKILL.md
T
github-actions[bot] 5fe40f0b2d chore: publish from staged
2026-06-19 00:19:44 +00:00

66 lines
2.8 KiB
Markdown
Raw Blame History

---
name: github-actions-runtime-upgrade-conventions
description: 'Upgrade GitHub Actions to supported runtimes by selecting safe action versions, preserving workflow behavior, and validating post-upgrade execution.'
---
# GitHub Actions Runtime Upgrade Conventions
Use this skill when editing GitHub Actions workflows to address deprecation warnings about action runtimes (for example Node.js runtime migrations).
## Use This Skill When
- Workflow logs report an action is running on a deprecated runtime.
- You are upgrading action versions in `.github/workflows/*.yml` or `.github/workflows/*.yaml`.
- You need to keep existing workflow behavior while modernizing action dependencies.
## Upgrade Rules
- Prefer upgrading to the latest stable **major** version of each action that is compatible with the workflow.
- Prefer immutable pins: resolve the target release to a full commit SHA and use that SHA in `uses:`.
- Do not pin to mutable tags or branches (for example `@v4` or `@main`) in final recommendations.
- Upgrade one action at a time per commit (or one tightly related group) so failures are easy to isolate.
- Keep existing workflow behavior unchanged while upgrading runtime/dependency actions.
## Actions We Track in This Repo
Prioritize runtime review for these groups when warnings appear:
- Any first-party action under `actions/*`
- Especially setup actions under `actions/setup-*` (for example `setup-node`, `setup-python`, `setup-dotnet`)
- Any other action explicitly named by the runtime deprecation warning in workflow logs
## Pinning Pattern
```yaml
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.3.1
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.4
```
When recommending upgrades, identify the latest compatible release first, then use the corresponding commit SHA with an optional version comment.
## Verification Checklist
After changing action versions:
1. Ensure all edited workflows still parse and keep the same triggers/permissions unless intentionally changed.
2. Run the affected workflows (or equivalent local build/test commands) and confirm the upgraded steps complete successfully.
3. Confirm release/signing/artifact steps still produce expected outputs where applicable.
4. Check workflow run logs for any new deprecation warnings or runtime migration notes.
## PR Notes
Include in the PR summary:
- Which actions were upgraded (from -> to).
- Whether any action could not move to a new major and why.
- Which workflows were re-run to validate the change.
## How This Complements Dependabot
Dependabot can automate many updates, but this skill still helps when:
- Dependabot is not enabled for workflows in a repository.
- Runtime warnings appear before an automated update is available.
- A workflow needs behavior-preserving validation after the action bump.
Reference in New Issue View Git Blame Copy Permalink