chore: bump Github Actions versions

[mvadari]

High Level Overview of Change

Title says it all.

Context of Change

Deprecation notices on Actions:

The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, actions/setup-node@v3, actions/cache@v3. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CodeQL v2 will also be deprecated in December: https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

Type of Change

• Tests (You added tests for code that already exists, or your new feature included in this PR)

Did you update HISTORY.md?

• No, this change does not impact library users

Test Plan

The notices go away now.

[coderabbitai]

Walkthrough

The pull request includes updates to GitHub Actions within two workflow files: .github/workflows/codeql-analysis.yml and .github/workflows/nodejs.yml. The changes involve upgrading various actions to their latest versions, specifically enhancing the CodeQL analysis workflow and the Node.js workflow. These updates ensure that the workflows utilize the most recent features and fixes of the respective actions.

Changes

File	Change Summary
.github/workflows/codeql-analysis.yml	Updated actions/checkout from v3 to v4, github/codeql-action/init, autobuild, and analyze from v2 to v3.
.github/workflows/nodejs.yml	Updated actions/checkout, setup-node, and cache from v3 to v4 across multiple job definitions.

Possibly related PRs

• chore: fix CodeQL issue #2727: This PR also modifies the .github/workflows/codeql-analysis.yml file, indicating a direct connection to the main PR's changes, although the nature of the changes differs.

Suggested reviewers

• khancode
• pdp2121
• justinr1234

Poem

🐇 In the land of code where rabbits play,
Actions are hopping to a brighter day.
Versions are fresh, the workflows gleam,
Upgrades in place, like a coder's dream!
With every pull, we leap and cheer,
For smoother paths, the future is near! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[mvadari]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 55892c8 and 24abec8.

📒 Files selected for processing (2)

• .github/workflows/codeql-analysis.yml (3 hunks)
• .github/workflows/nodejs.yml (10 hunks)

🔇 Additional comments (10)

.github/workflows/codeql-analysis.yml (5)

51-51: Approved: github/codeql-action/autobuild updated to v3

This update is consistent with the previous CodeQL action updates and maintains version consistency across the CodeQL action suite. This change is necessary and appropriate.

---

Line range hint 36-65: Summary: GitHub Actions versions successfully updated

All changes in this file consistently update the GitHub Actions to their latest major versions:

1. actions/checkout: v3 → v4
2. github/codeql-action/init: v2 → v3
3. github/codeql-action/autobuild: v2 → v3
4. github/codeql-action/analyze: v2 → v3

These updates align perfectly with the PR objectives to address deprecation notices and ensure compatibility with Node.js 20. The changes are appropriate, necessary, and should resolve the issues mentioned in the PR description.

To ensure a smooth transition, please make sure to:

1. Review any breaking changes or new features in the updated actions, especially for actions/checkout v4 and the CodeQL action v3.
2. Test the entire workflow in a safe environment before merging to main.
3. Monitor the workflow's performance after the update to catch any unexpected issues early.

Great job on keeping the project up-to-date with the latest GitHub Actions!

---

65-65: Approved: github/codeql-action/analyze updated to v3

This update completes the set of changes for the CodeQL action suite, ensuring version consistency across all CodeQL-related steps in the workflow. This change is necessary and appropriate.

To ensure the entire workflow functions correctly with these updates, please run the following script to test the workflow:

#!/bin/bash
# Description: Verify the updated CodeQL workflow

# Test: Use act to run the workflow locally
act pull_request -j analyze

Note: This assumes you have act installed. If not, you may need to trigger a test run of this workflow in a separate branch or test environment.

---

40-40: Approved: github/codeql-action/init updated to v3

This update aligns with the PR objectives and addresses the upcoming deprecation of CodeQL v2 action. The latest major version (v3) of the CodeQL action is now being used, which supports Node.js 20 and ensures long-term compatibility.

To ensure we're leveraging all new features and haven't missed any necessary configuration changes, please run the following script:

---

36-36: Approved: actions/checkout updated to v4

This update aligns with the PR objectives and addresses the deprecation notice. The latest major version (v4) of actions/checkout is now being used, which should resolve issues related to the deprecated Node.js version.

To ensure compatibility, please run the following script to check if there are any breaking changes or new features in v4 that might affect our workflow:

.github/workflows/nodejs.yml (5)

66-66: LGTM: Action versions updated correctly in unit job.

The updates to actions/checkout@v4, actions/setup-node@v4, and actions/cache@v4 in the unit job are correct and consistent with the changes made in the build-and-lint job. These changes align with the PR objectives and should resolve the deprecation notices for Node.js versions in the actions.

To ensure these are the only changes in this job and that they don't introduce any unintended side effects, let's verify:

#!/bin/bash
# Description: Verify action version updates in unit job

# Test: Check for v4 updates in unit job
rg --type yaml -A 3 'unit:' .github/workflows/nodejs.yml | rg 'v4'

# Test: Ensure no other changes in the job
rg --type yaml -A 30 'unit:' .github/workflows/nodejs.yml

Also applies to: 68-68, 78-78

---

107-107: LGTM: Action versions updated correctly in integration job.

The updates to actions/checkout@v4, actions/setup-node@v4, and actions/cache@v4 in the integration job are correct and consistent with the changes made in the previous jobs. These changes align with the PR objectives and should resolve the deprecation notices for Node.js versions in the actions.

To ensure these are the only changes in this job and that they don't introduce any unintended side effects, let's verify:

#!/bin/bash
# Description: Verify action version updates in integration job

# Test: Check for v4 updates in integration job
rg --type yaml -A 3 'integration:' .github/workflows/nodejs.yml | rg 'v4'

# Test: Ensure no other changes in the job
rg --type yaml -A 30 'integration:' .github/workflows/nodejs.yml

Also applies to: 114-114, 124-124

---

211-211: LGTM: Action versions updated correctly in snippets job.

The updates to actions/checkout@v4, actions/setup-node@v4, and actions/cache@v4 in the snippets job are correct and consistent with the changes made in the previous jobs. These changes align with the PR objectives and should resolve the deprecation notices for Node.js versions in the actions.

To ensure these are the only changes in this job and that they don't introduce any unintended side effects, let's verify:

#!/bin/bash
# Description: Verify action version updates in snippets job

# Test: Check for v4 updates in snippets job
rg --type yaml -A 3 'snippets:' .github/workflows/nodejs.yml | rg 'v4'

# Test: Ensure no other changes in the job
rg --type yaml -A 30 'snippets:' .github/workflows/nodejs.yml

Also applies to: 213-213, 223-223

---

Line range hint 1-245: Overall changes look good, but consider addressing CodeQL action.

The updates to actions/checkout@v4, actions/setup-node@v4, and actions/cache@v4 have been consistently applied across all jobs in the workflow. These changes align with the PR objectives and should resolve the deprecation notices for Node.js versions in the actions.

However, I noticed that the PR objectives mentioned that the CodeQL v2 action is set to be deprecated in December 2024. This workflow file doesn't seem to include any CodeQL-related actions. If CodeQL is used in other workflow files, consider updating those as well to address the upcoming deprecation.

Let's verify if there are any CodeQL-related actions in other workflow files:

#!/bin/bash
# Description: Check for CodeQL-related actions in all workflow files

# Test: Search for CodeQL actions in all workflow files
rg --type yaml 'uses: github/codeql-action' .github/workflows/

---

159-159: LGTM: Action versions updated correctly in browser job.

The updates to actions/checkout@v4, actions/setup-node@v4, and actions/cache@v4 in the browser job are correct and consistent with the changes made in the previous jobs. These changes align with the PR objectives and should resolve the deprecation notices for Node.js versions in the actions.

To ensure these are the only changes in this job and that they don't introduce any unintended side effects, let's verify:

#!/bin/bash
# Description: Verify action version updates in browser job

# Test: Check for v4 updates in browser job
rg --type yaml -A 3 'browser:' .github/workflows/nodejs.yml | rg 'v4'

# Test: Ensure no other changes in the job
rg --type yaml -A 30 'browser:' .github/workflows/nodejs.yml

Also applies to: 162-162, 176-176