node24-action-upgrades

name: "node24-action-upgrades" description: "Upgrade checked-in GitHub Actions references off deprecated Node 20 runtimes with the smallest safe major bumps." domain: "github-actions" confidence: "high" source: "earned"

Context

Use this when GitHub Actions logs report Node.js 20 actions are deprecated and the repo needs a focused cleanup without rewriting release logic.

Patterns

1. Start from real run warnings, not just static grep, so you know which checked-in refs actually emitted the deprecation message.
2. For each warned action, inspect the candidate major tag's action.yml and confirm runs.using: node24 before changing the workflow.
3. Prefer the first Node24-capable major rather than the newest possible major if that avoids unrelated workflow churn.
4. For composite actions, inspect nested uses: lines too (for example upload-pages-artifact can hide an internal upload-artifact pin).
5. If the latest available upstream tag still declares node20, leave it explicit in the report rather than forcing FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 without validation.

Example mapping

• actions/checkout@v4 -> actions/checkout@v5
• actions/setup-dotnet@v4 -> actions/setup-dotnet@v5
• actions/setup-node@v4 -> actions/setup-node@v5
• actions/upload-artifact@v4 -> actions/upload-artifact@v6
• actions/download-artifact@v4 -> actions/download-artifact@v7
• actions/configure-pages@v4 -> actions/configure-pages@v6
• actions/upload-pages-artifact@v3 -> actions/upload-pages-artifact@v5
• actions/deploy-pages@v4 -> actions/deploy-pages@v5

Anti-Patterns

• Blanket-search-replacing to the latest major without checking runtime metadata.
• Treating composite actions as safe without checking their internal uses: pins.
• Hiding unresolved upstream Node20 actions instead of reporting them plainly.