ci: upgrade actions

[baerwang]

https://github.blog/changelog/2024-09-25-end-of-life-for-actions-node16/

Summary by CodeRabbit

• Chores
  • Updated the actions/checkout action version from v3 to v4 across multiple GitHub Actions workflow files to enhance performance and security.
  • Updated the actions/setup-go action version from v3 to v5 in relevant workflows while keeping the Go version consistent at 1.19.

[coderabbitai]

Walkthrough

The pull request involves updates to multiple GitHub Actions workflow files, primarily focusing on upgrading the versions of the actions/checkout and actions/setup-go actions. The actions/checkout action was updated from version v3 to v4, and the actions/setup-go action was updated from version v3 to v5 in several workflow files. These changes do not affect the overall logic or functionality of the workflows.

Changes

Files	Change Summary
.github/workflows/codeql.yml	Updated actions/checkout from v3 to v4.
.github/workflows/codis.yml, .github/workflows/pika.yml	Updated actions/checkout from v3 to v4 and actions/setup-go from v3 to v5.
.github/workflows/publish_nightly_docker_image.yml,	Updated actions/checkout from v3 to v4.
.github/workflows/publish_release_docker_image.yml,	Updated actions/checkout from v3 to v4.
.github/workflows/release.yml	Updated actions/checkout from v3 to v4.
.github/workflows/tools_go.yml	Updated actions/checkout from v3 to v4 and actions/setup-go from v3 to v5.

Sequence Diagram(s)

sequenceDiagram
    participant A as GitHub Actions
    participant B as Repository
    participant C as CodeQL Tools

    A->>B: Checkout code (v4)
    A->>C: Initialize CodeQL tools

Loading

🐇 In the meadow, changes bloom,
Upgraded actions, clear the gloom.
From v3 to v4, we hop and play,
With tools so bright, we seize the day!
Let's code and build, with joy we'll sing,
For every change, a new spring! 🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (4)

.github/workflows/codis.yml (1)

Line range hint 1-58: Overall workflow update looks good, with room for further improvements

The updates to actions/checkout and actions/setup-go are positive changes that keep the workflow up-to-date. These changes are consistent across jobs and follow good practices.

Here are some suggestions for further improvements:

1. Consider updating the Go version from 1.19 to a more recent version, as mentioned earlier.
2. Review other actions used in this workflow to see if they can also be updated to their latest versions. For example:
   • docker/setup-qemu-action (currently v2)
   • docker/setup-buildx-action (currently v2)
   • docker/metadata-action and docker/build-push-action (currently using commit hashes)

To help with updating other actions, you can run the following script to check for the latest versions:

#!/bin/bash
# Description: Check for latest versions of actions used in the workflow

echo "Latest version of docker/setup-qemu-action:"
gh release list --repo docker/setup-qemu-action --limit 1

echo "Latest version of docker/setup-buildx-action:"
gh release list --repo docker/setup-buildx-action --limit 1

echo "Latest version of docker/metadata-action:"
gh release list --repo docker/metadata-action --limit 1

echo "Latest version of docker/build-push-action:"
gh release list --repo docker/build-push-action --limit 1

Review the output and consider updating these actions to their latest stable versions if applicable.

.github/workflows/release.yml (1)

Line range hint 1-105: Consider checking for updates to other actions and commendation on workflow structure

Great job on updating the actions/checkout action to v4. The overall structure of your workflow is well-organized, with separate jobs for different build environments. Here are a few suggestions:

1. While you've updated the checkout action, it might be worth checking if there are updates available for other actions used in this workflow. For example:

   • softprops/action-gh-release@v1 (current usage is good, but verify if there are any new features in later versions that might be beneficial)

2. The use of matrix strategy for building on different OS versions is an efficient approach. Good job on that!

3. The separate job for Rocky Linux using a container is a nice touch for ensuring compatibility.

.github/workflows/publish_nightly_docker_image.yml (1)

Line range hint 1-124: Consider updating other actions in the workflow.

While the update to actions/checkout@v4 is correctly and consistently applied across all jobs, I noticed that some other actions in the workflow are using specific commit hashes or older versions. To improve maintainability and ensure you're using the latest features and bug fixes, consider:

1. Updating docker/setup-qemu-action@v2 and docker/setup-buildx-action@v2 to their latest versions.
2. Using version tags instead of commit hashes for docker/login-action, docker/metadata-action, and docker/build-push-action.

This will make future updates easier and ensure you're using the most up-to-date and secure versions of these actions.

.github/workflows/pika.yml (1)

162-165: LGTM! Consistent action updates across all jobs.

The updates to actions/checkout@v4 and actions/setup-go@v5 in the build_on_macos job are consistent with the changes in the other jobs. This consistency is excellent for maintaining parity across all build environments.

Consider using a matrix strategy to reduce duplication across jobs, as the setup steps are very similar for all environments. This could make the workflow more maintainable. Here's an example of how you could start refactoring:

jobs:
  build:
    strategy:
      matrix:
        os: [ubuntu-latest, rockylinux:9, macos-12]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: 1.19
      # ... rest of the steps

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 5431d0c and acad05a.

📒 Files selected for processing (7)

• .github/workflows/codeql.yml (1 hunks)
• .github/workflows/codis.yml (2 hunks)
• .github/workflows/pika.yml (4 hunks)
• .github/workflows/publish_nightly_docker_image.yml (3 hunks)
• .github/workflows/publish_release_docker_image.yml (3 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/tools_go.yml (2 hunks)

🔇 Additional comments (19)

.github/workflows/tools_go.yml (3)

18-18: LGTM: Action version updates are appropriate.

The updates to actions/checkout@v4 and actions/setup-go@v5 are good improvements. These updates bring performance enhancements, bug fixes, and security improvements without breaking changes.

Also applies to: 21-21

---

35-35: LGTM: Consistent updates across jobs.

The updates to actions/checkout@v4 and actions/setup-go@v5 are consistently applied in both jobs. This maintains uniformity in the workflow and ensures both tools benefit from the latest improvements in these actions.

Also applies to: 38-38

---

18-23: Verify the impact of action updates on the build process.

The updates to actions/checkout and actions/setup-go are consistently applied across both jobs and should improve the workflow without breaking changes. However, it's important to verify that these updates don't unexpectedly affect the build process.

Run the following script to check if the workflow runs successfully with the new action versions:

If the conclusion is "success", the updates have not negatively impacted the build process.

Also applies to: 35-40

.github/workflows/codis.yml (3)

37-37: Approved: Consistent update of actions/checkout to v4

This change mirrors the update in the build job, maintaining consistency across the workflow. It's a good practice to keep action versions synchronized across different jobs.

---

20-22: Approved: actions/setup-go updated to v5, but consider updating Go version

The update from v3 to v5 of actions/setup-go is a good practice to keep the workflow using the latest stable version. This change is likely to bring performance improvements and new features.

To ensure there are no breaking changes that might affect the workflow, please run the following script to check the changelog:

#!/bin/bash
# Description: Fetch and display the changelog for actions/setup-go v5

gh release view v5 --repo actions/setup-go

Review the output to confirm that there are no breaking changes that could impact this workflow.

Consider updating the Go version from 1.19 to a more recent version, such as 1.21. This would allow you to take advantage of the latest language features and performance improvements. Here's a suggested change:

  uses: actions/setup-go@v5
  with:
-   go-version: 1.19
+   go-version: 1.21

Before making this change, ensure that your codebase is compatible with Go 1.21.

---

17-17: Approved: actions/checkout updated to v4

The update from v3 to v4 of actions/checkout is a good practice to keep the workflow using the latest stable version. This change is likely to bring performance improvements and bug fixes.

To ensure there are no breaking changes that might affect the workflow, please run the following script to check the changelog:

Review the output to confirm that there are no breaking changes that could impact this workflow.

✅ Verification successful

Verified: actions/checkout successfully updated to v4.2.0

The update to actions/[email protected] has been reviewed, and the changelog indicates that there are no breaking changes. The enhancements and dependency updates are beneficial and safe to implement.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Fetch and display the changelog for actions/checkout v4

gh release view v4 --repo actions/checkout

Length of output: 62

---

Script:

#!/bin/bash
# Description: List all releases for actions/checkout

gh release list --repo actions/checkout

Length of output: 1127

---

Script:

#!/bin/bash
# Description: Fetch and display the changelog for actions/checkout v4.2.0

gh release view v4.2.0 --repo actions/checkout

Length of output: 767

.github/workflows/release.yml (2)

Line range hint 27-27: Approved: Checkout action updated to v4

The update from actions/checkout@v3 to actions/checkout@v4 is a good improvement. This new version includes performance enhancements and bug fixes, which can potentially speed up your workflow and improve reliability.

---

63-63: Approved: Consistent update of checkout action in Rocky Linux job

The update to actions/checkout@v4 is consistently applied here in the Rocky Linux job. This maintains uniformity across different environments in your workflow.

.github/workflows/codeql.yml (1)

43-43: Approved: Updating actions/checkout to v4 is a good practice.

The update from actions/checkout@v3 to actions/checkout@v4 is a positive change. It ensures that the workflow uses the latest stable version of the action, which may include bug fixes, performance improvements, and new features.

Let's verify if other actions in this workflow are using their latest versions:

✅ Verification successful

Verified: All actions in the workflow are up to date.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check versions of other actions used in the workflow

# Test: Check github/codeql-action versions
echo "Checking github/codeql-action versions:"
grep -n "uses: github/codeql-action/" .github/workflows/codeql.yml

# Test: Check if there are any other actions that might need updates
echo "Checking for other actions:"
grep -n "uses: " .github/workflows/codeql.yml | grep -v "actions/checkout@v4" | grep -v "github/codeql-action/"

Length of output: 472

.github/workflows/publish_release_docker_image.yml (3)

50-50: Approved: Consistent update to actions/checkout@v4

This change is consistent with the update in the push_pika_to_registry job. It's good to see the same version being used across different jobs in the workflow.

Please refer to the comment on line 14 for more details about this update.

---

86-86: Approved: Consistent update across all jobs

This change completes the update to actions/checkout@v4 across all three jobs in the workflow. It's excellent to see this level of consistency, which helps maintain a uniform environment across different parts of the CI/CD process.

For more details about this update, please refer to the comment on line 14.

---

14-14: Approved: Update to actions/checkout@v4

The update from actions/checkout@v3 to actions/checkout@v4 is a good practice to keep the workflow using the latest stable version. This change is likely to bring performance improvements and security updates.

To ensure compatibility, please verify that the workflow runs successfully with this update. You can check the action's changelog for any breaking changes:

.github/workflows/publish_nightly_docker_image.yml (3)

14-14: LGTM: actions/checkout version updated.

The update from actions/checkout@v3 to actions/checkout@v4 is correct and consistent with the pull request objective.

---

52-52: LGTM: Consistent update in push_codis_to_registry job.

The actions/checkout version update to v4 is correctly applied in this job, maintaining consistency across the workflow.

---

90-90: LGTM: Consistent update in push_pika_exporter_to_registry job.

The actions/checkout version update to v4 is correctly applied in this job, maintaining consistency across all three jobs in the workflow.

.github/workflows/pika.yml (4)

99-104: LGTM! Consistent action updates across jobs.

The updates to actions/setup-go@v5 and actions/checkout@v4 in the build_on_rocky job are consistent with the changes in the build_on_ubuntu job. This consistency is good for maintaining parity across different build environments.

---

226-226: LGTM! Consistent action update in image build job.

The update to actions/checkout@v4 in the build_pika_image job is consistent with the changes in the other jobs. This maintains consistency across all parts of the workflow, including the Docker image build process.

---

Line range hint 1-254: Summary: Successful upgrade of GitHub Actions across the workflow.

This PR successfully upgrades the versions of actions/checkout (v3 to v4) and actions/setup-go (v3 to v5) across all jobs in the workflow. These updates are consistent and well-implemented, likely bringing performance improvements and bug fixes to the CI/CD pipeline.

Key points:

1. The changes are uniform across all jobs (ubuntu, rocky, macos, and image build).
2. The Go version (1.19) remains unchanged, maintaining consistency with the project's requirements.
3. The updates don't introduce any apparent risks or changes to the workflow logic.

These upgrades align well with the PR objectives and should improve the overall robustness of the CI/CD process.

---

22-25: LGTM! Action versions updated.

The updates to actions/checkout@v4 and actions/setup-go@v5 are good improvements. These updates likely bring performance enhancements and bug fixes.

Please verify that Go 1.19 is still the desired version for this project, as newer versions of Go are available. Run the following script to check the latest Go versions:

[coderabbitai]

🛠️ Refactor suggestion

Consider updating the Go version.

While the current Go version (1.19) is maintained, consider updating to a newer version (e.g., 1.20 or 1.21) to benefit from performance improvements and new features. Ensure compatibility with your codebase before upgrading.