ci: bump all GH actions to Node-24 majors + add Dependabot

The Node 20 → 24 cutover is coming (forced June 2 2026, removal
Sept 16 2026). Every action we use already has a Node-24
major released — we were pinned to stale ones, hence the deprecation
warnings in the prior runs:

  actions/cache@v4              → @v5
  actions/upload-artifact@v4    → @v7
  actions/download-artifact@v5  → @v8
  actions/github-script@v7      → @v9
  docker/build-push-action@v6   → @v7
  docker/login-action@v3        → @v4
  docker/setup-buildx-action@v3 → @v4

The big leaps (artifact actions v4→v7, github-script v7→v9) are
because the maintainers cut MULTIPLE majors between Node 20 and
Node 24; we're just catching up.

Also enable Dependabot for github-actions on a weekly cadence so
we don't drift again. Submodule + Rust deps explicitly NOT
auto-updated — they need careful audits.

Bumps to v0.1.3 to exercise the upgraded actions end-to-end.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Evgeny Boger 2026-05-25 14:27:41 +03:00
parent 9a66b4bfa8
commit 31b24ccbdb
8 changed files with 37 additions and 26 deletions

24
.github/dependabot.yml vendored Normal file
View file

@ -0,0 +1,24 @@
# Automatic version bumps for the action pins in .github/workflows/.
# Without this, action majors silently drift behind — we hit exactly
# that with the Node 20 → 24 cutover (every action on Node 20 had a
# Node-24-on major already shipped but we were pinned to the older
# major).
#
# Submodule and Rust dep updates intentionally NOT enabled here —
# bumping vendor/microsandbox needs a careful audit (patched msb +
# libkrunfw kernel-config invariants), and Rust dep bumps are
# better handled by `cargo update` runs we drive manually.
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
commit-message:
prefix: "ci"
labels:
- "dependencies"
- "github-actions"

View file

@ -50,10 +50,10 @@ jobs:
echo "tag=$(date -u +%Y-%m-%dT%H)" >> "$GITHUB_OUTPUT"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4
- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -61,7 +61,7 @@ jobs:
- name: Build and push
id: build
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
context: images
file: images/Dockerfile
@ -101,7 +101,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Prune image versions older than 14 days
uses: actions/github-script@v7
uses: actions/github-script@v9
with:
script: |
const owner = context.repo.owner;

View file

@ -88,7 +88,7 @@ jobs:
libcap-ng-dev libdbus-1-dev libsqlite3-dev pkg-config
- name: Cache cargo registry + target
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: |
~/.cargo/registry
@ -206,7 +206,7 @@ jobs:
chmod +x "$dst/agent-vm" "$dst/msb"
- name: Upload platform artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: agent-vm-${{ matrix.platform }}
path: npm-dist/agent-vm-${{ matrix.platform }}/
@ -225,7 +225,7 @@ jobs:
registry-url: 'https://registry.npmjs.org'
# Download each platform artifact into its own subpackage
# directory explicitly. `actions/download-artifact@v5` with
# directory explicitly. `actions/download-artifact@v8` with
# `pattern:` + a single matched artifact does NOT wrap it in a
# subdir (the v5 behaviour change vs v4) — files land flat at
# the `path:` root. Downloading by exact `name:` into a
@ -237,13 +237,13 @@ jobs:
# checkout; the artifact carries bin/ + lib/ on top of it.
# download-artifact will create missing parents.
- name: Download linux-x64 artifact
uses: actions/download-artifact@v5
uses: actions/download-artifact@v8
with:
name: agent-vm-linux-x64
path: npm-dist/agent-vm-linux-x64/
- name: Verify artifact layout + restore executable bits
# `actions/upload-artifact@v4` packs files into a zip that
# `actions/upload-artifact@v7` packs files into a zip that
# doesn't preserve POSIX permissions. After download, the
# binaries land as 0644 — npm publishes them as-is and users
# get EACCES on first invocation. Restoring +x here is the

2
Cargo.lock generated
View file

@ -21,7 +21,7 @@ dependencies = [
[[package]]
name = "agent-vm"
version = "0.1.2"
version = "0.1.0"
dependencies = [
"anyhow",
"base64",

View file

@ -6,7 +6,7 @@ members = ["crates/agent-vm"]
exclude = ["vendor/microsandbox"]
[workspace.package]
version = "0.1.2"
version = "0.1.3"
edition = "2024"
license = "MIT"
repository = "https://github.com/wirenboard/agent-vm"

View file

@ -408,7 +408,6 @@ pub async fn launch(agent: Agent, args: Args) -> Result<i32> {
.inject_basic_auth(false)
.allow_host(ANTHROPIC_API_HOST)
.allow_host(ANTHROPIC_OAUTH_HOST)
.allow_host(ANTHROPIC_MCP_PROXY_HOST)
});
}
if let Some(file) = openai {
@ -783,7 +782,7 @@ pub async fn launch(agent: Agent, args: Args) -> Result<i32> {
}
/// Best-effort hint at where msb writes a sandbox's per-launch
/// logs. The directory contains several files worth checking on a
/// logs. The directory contains three files worth checking on a
/// failed launch:
///
/// - `runtime.log` — msb tracing + Rust panic from the sandbox
@ -795,13 +794,6 @@ pub async fn launch(agent: Agent, args: Args) -> Result<i32> {
/// up far enough to write into the two above (vendor
/// `boot_error.rs` is the canonical source of "couldn't boot
/// because X").
/// - `msb.stderr.log` — raw libkrun / kernel-printk bytes that
/// bypass the in-process log capture (vendor `runtime::spawn`
/// tees msb's stderr here so a SIGABRT panic line survives even
/// when the in-process logger died mid-drain).
/// - `msb-exit.log` — one append-only line per boot recording the
/// msb subprocess's exit status (vendor `runtime::handle::wait`).
/// Useful for "did this boot SIGKILL?" without reproducing.
///
/// Returning a *directory* rather than a single file lets the user
/// `ls` it and pick whichever is non-empty, instead of following a

View file

@ -90,11 +90,6 @@ pub const GH_TOKEN_PLACEHOLDER: &str = "msb-gh-placeholder-v2";
pub const ANTHROPIC_API_HOST: &str = "api.anthropic.com";
pub const ANTHROPIC_OAUTH_HOST: &str = "platform.claude.com";
/// Claude Code's MCP relay endpoint. Claude Code's HTTP client sends
/// the same Anthropic access token here, so the secret substitution
/// has to allow this destination too — otherwise the placeholder
/// trips the violation scan and the conn gets dropped, breaking MCP.
pub const ANTHROPIC_MCP_PROXY_HOST: &str = "mcp-proxy.anthropic.com";
pub const OPENAI_API_HOST: &str = "api.openai.com";
pub const OPENAI_CHATGPT_HOST: &str = "chatgpt.com";
pub const OPENAI_OAUTH_HOST: &str = "auth.openai.com";

2
vendor/microsandbox vendored

@ -1 +1 @@
Subproject commit fd1b31b120e6fd619fe50b27d792fdb57560f05e
Subproject commit 4ad3a67f91e237aea2e4e295a086675ae37dddde