mirror of
https://github.com/wirenboard/agent-vm.git
synced 2026-07-09 16:00:54 +00:00
ci: bump actions to Node-24 majors + dependabot (mirror from rewrite-microsandbox)
This commit is contained in:
parent
f5bacb5f41
commit
c87d9bfb99
3 changed files with 33 additions and 9 deletions
24
.github/dependabot.yml
vendored
Normal file
24
.github/dependabot.yml
vendored
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
# Automatic version bumps for the action pins in .github/workflows/.
|
||||
# Without this, action majors silently drift behind — we hit exactly
|
||||
# that with the Node 20 → 24 cutover (every action on Node 20 had a
|
||||
# Node-24-on major already shipped but we were pinned to the older
|
||||
# major).
|
||||
#
|
||||
# Submodule and Rust dep updates intentionally NOT enabled here —
|
||||
# bumping vendor/microsandbox needs a careful audit (patched msb +
|
||||
# libkrunfw kernel-config invariants), and Rust dep bumps are
|
||||
# better handled by `cargo update` runs we drive manually.
|
||||
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
day: "monday"
|
||||
open-pull-requests-limit: 5
|
||||
commit-message:
|
||||
prefix: "ci"
|
||||
labels:
|
||||
- "dependencies"
|
||||
- "github-actions"
|
||||
8
.github/workflows/build-image.yml
vendored
8
.github/workflows/build-image.yml
vendored
|
|
@ -50,10 +50,10 @@ jobs:
|
|||
echo "tag=$(date -u +%Y-%m-%dT%H)" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@v4
|
||||
|
||||
- name: Log in to GHCR
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@v4
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
|
|
@ -61,7 +61,7 @@ jobs:
|
|||
|
||||
- name: Build and push
|
||||
id: build
|
||||
uses: docker/build-push-action@v6
|
||||
uses: docker/build-push-action@v7
|
||||
with:
|
||||
context: images
|
||||
file: images/Dockerfile
|
||||
|
|
@ -101,7 +101,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Prune image versions older than 14 days
|
||||
uses: actions/github-script@v7
|
||||
uses: actions/github-script@v9
|
||||
with:
|
||||
script: |
|
||||
const owner = context.repo.owner;
|
||||
|
|
|
|||
10
.github/workflows/release-npm.yml
vendored
10
.github/workflows/release-npm.yml
vendored
|
|
@ -88,7 +88,7 @@ jobs:
|
|||
libcap-ng-dev libdbus-1-dev libsqlite3-dev pkg-config
|
||||
|
||||
- name: Cache cargo registry + target
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
~/.cargo/registry
|
||||
|
|
@ -206,7 +206,7 @@ jobs:
|
|||
chmod +x "$dst/agent-vm" "$dst/msb"
|
||||
|
||||
- name: Upload platform artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@v7
|
||||
with:
|
||||
name: agent-vm-${{ matrix.platform }}
|
||||
path: npm-dist/agent-vm-${{ matrix.platform }}/
|
||||
|
|
@ -225,7 +225,7 @@ jobs:
|
|||
registry-url: 'https://registry.npmjs.org'
|
||||
|
||||
# Download each platform artifact into its own subpackage
|
||||
# directory explicitly. `actions/download-artifact@v5` with
|
||||
# directory explicitly. `actions/download-artifact@v8` with
|
||||
# `pattern:` + a single matched artifact does NOT wrap it in a
|
||||
# subdir (the v5 behaviour change vs v4) — files land flat at
|
||||
# the `path:` root. Downloading by exact `name:` into a
|
||||
|
|
@ -237,13 +237,13 @@ jobs:
|
|||
# checkout; the artifact carries bin/ + lib/ on top of it.
|
||||
# download-artifact will create missing parents.
|
||||
- name: Download linux-x64 artifact
|
||||
uses: actions/download-artifact@v5
|
||||
uses: actions/download-artifact@v8
|
||||
with:
|
||||
name: agent-vm-linux-x64
|
||||
path: npm-dist/agent-vm-linux-x64/
|
||||
|
||||
- name: Verify artifact layout + restore executable bits
|
||||
# `actions/upload-artifact@v4` packs files into a zip that
|
||||
# `actions/upload-artifact@v7` packs files into a zip that
|
||||
# doesn't preserve POSIX permissions. After download, the
|
||||
# binaries land as 0644 — npm publishes them as-is and users
|
||||
# get EACCES on first invocation. Restoring +x here is the
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue