Labsco
github logo

github-actions-runtime-upgrade-conventions

✓ Official36,202

by github · part of github/awesome-copilot

Upgrade GitHub Actions to supported runtimes by selecting safe action versions, preserving workflow behavior, and validating post-upgrade execution.

🧩 One of 7 skills in the github/awesome-copilot package — works on its own, and pairs well with its siblings.

This is the playbook your agent receives when the skill activates — you don't need to read it to use the skill, but it's here to audit before installing.

GitHub Actions Runtime Upgrade Conventions

Use this skill when editing GitHub Actions workflows to address deprecation warnings about action runtimes (for example Node.js runtime migrations).

Use This Skill When

  • Workflow logs report an action is running on a deprecated runtime.
  • You are upgrading action versions in .github/workflows/*.yml or .github/workflows/*.yaml.
  • You need to keep existing workflow behavior while modernizing action dependencies.

Actions We Track in This Repo

Prioritize runtime review for these groups when warnings appear:

  • Any first-party action under actions/*
  • Especially setup actions under actions/setup-* (for example setup-node, setup-python, setup-dotnet)
  • Any other action explicitly named by the runtime deprecation warning in workflow logs

Pinning Pattern

steps:
  - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.3.1
  - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.4

When recommending upgrades, identify the latest compatible release first, then use the corresponding commit SHA with an optional version comment.

Verification Checklist

After changing action versions:

  1. Ensure all edited workflows still parse and keep the same triggers/permissions unless intentionally changed.
  2. Run the affected workflows (or equivalent local build/test commands) and confirm the upgraded steps complete successfully.
  3. Confirm release/signing/artifact steps still produce expected outputs where applicable.
  4. Check workflow run logs for any new deprecation warnings or runtime migration notes.

PR Notes

Include in the PR summary:

  • Which actions were upgraded (from -> to).
  • Whether any action could not move to a new major and why.
  • Which workflows were re-run to validate the change.

How This Complements Dependabot

Dependabot can automate many updates, but this skill still helps when:

  • Dependabot is not enabled for workflows in a repository.
  • Runtime warnings appear before an automated update is available.
  • A workflow needs behavior-preserving validation after the action bump.