Update of action in deploy.yaml required

[gebeer]

Hi @bernhard

we just ran into some error with the deployment script:

The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3. For more info:

https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/ 

Seems related to the action in use: uses: actions/checkout@v3

 

[bernhard]

Thx @gebeer I've seen that warning for a long time but didn't find the time to look into it yet. I'm not sure I understand this thread though?! What are you suggesting? Do you have a solution or was this just a report?

[gebeer]

18 minutes ago, bernhard said:

Thx @gebeer I've seen that warning for a long time but didn't find the time to look into it yet. I'm not sure I understand this thread though?! What are you suggesting? Do you have a solution or was this just a report?

I think you need to update to action/checkout@v4. Looking at their changelog https://github.com/actions/checkout/blob/main/CHANGELOG.md they updated to Node 20 in v.4.0.0. That should take care of the problem.

Alternatively, if you, for some reason, must stay on v3, you can set an env var FORCE_JAVASCRIPT_ACTIONS_TO_NODE20=true

But I would try to avoid that because of https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/#removal-of-operating-system-support-for-non-node20-os-versions

Hope that helps :-)

[bernhard]

Unfortunately it was not as easy as changing the version number. I had to find another workflow as the one used was archived and not maintained any more. But I have now added a dedicated auto-release workflow file to RockMigations which anybody can use to create fully automated releases (without nodejs deprecation notices) 😎

name: Auto-Release

on:
  push:
    branches:
      - main

jobs:
  auto-release:
    uses: baumrock/RockMigrations/.github/workflows/auto-release.yml@main
    secrets:
      token: ${{ secrets.GITHUB_TOKEN }}

 

[gebeer]

26 minutes ago, bernhard said:

I had to find another workflow as the one used was archived and not maintained any more

The one I had linked to which is the official github checkout action is not deprecated https://github.com/actions/checkout and in active development.

Could you provide the link to the deprecated version?

EDIT: Ah, I see https://github.com/baumrock/RockMigrations/blob/main/.github/workflows/auto-release.yml uses the actions/checkout@v4 :-)

So in our local main.yaml we need to use

jobs:
  deploy-to-production:
    uses: baumrock/RockMigrations/.github/workflows/auto-release.yaml@main // instead of deploy.yaml

Could you please confirm?

[bernhard]

Hey @gebeer that was the problem... Your linked action was not the problem, the other one was 😉 

I forgot to add the link to the new docs that I also added: https://www.baumrock.com/en/processwire/modules/rockmigrations/docs/releases/

In the new release file you see the action that I changed: https://github.com/baumrock/RockMigrations/blob/73f23de4e22b807d08e2d315ef7dc8bcc067e269/.github/workflows/auto-release.yml#L28

46 minutes ago, gebeer said:

So in our local main.yaml we need to use

jobs:
  deploy-to-production:
    uses: baumrock/RockMigrations/.github/workflows/auto-release.yaml@main // instead of deploy.yaml

No. That's not correct. The new Auto-Release action is only for automated releases. The deployment didn't change!

[bernhard]

Hey @gebeer sorry for the confusion. Just realised that you were talking about deployments and I was working on the releases 😄

I have also updated the deploy workflow to use checkout v4 instead of v3 which fixes the nodejs warning!

So this is what you can use for automated releases:

name: Auto-Release

on:
  push:
    branches:
      - main

jobs:
  auto-release:
    uses: baumrock/RockMigrations/.github/workflows/auto-release.yml@main
    secrets:
      token: ${{ secrets.GITHUB_TOKEN }}

So whenever you push to main it will create a new release for you with automated release tags and changelog.

And then I have this workflow to push to production or staging:

name: Deploy to Production

on:
  workflow_run:
    workflows: ["Auto-Release"]
    types:
      - completed

jobs:
  deploy-to-production:
    uses: baumrock/RockMigrations/.github/workflows/deploy.yaml@main
    with:
      PATH: "/path/to/your/project"
      SSH_HOST: your-host.com
      SSH_USER: youruser
      SUBMODULES: true
    secrets:
      CI_TOKEN: ${{ secrets.YOUR_TOKEN }}
      SSH_KEY: ${{ secrets.YOUR_SSH_KEY }}
      KNOWN_HOSTS: ${{ secrets.YOUR_KNOWN_HOSTS }}

I discussed whether having ssh_host + user in the workflow file is a good practise or not in a recent php meetup. It seems to be fine from a security perspective but it's preferable to use variables from a devops view, because you can then simply change variables or paths and deployments will still work. When changing paths in the worflow file anybody working on a feature branch that has an old version will get an error on deployment!