Installation
Install with CLI
Recommended
gh skills-hub install github-actions-runtime-upgrade-conventions Don't have the extension? Run gh extension install samueltauil/skills-hub first.
Download and extract to your repository:
.github/skills/github-actions-runtime-upgrade-conventions/ Extract the ZIP to .github/skills/ in your repo. The folder name must match github-actions-runtime-upgrade-conventions for Copilot to auto-discover it.
Skill Files (1)
SKILL.md 2.8 KB
---
name: github-actions-runtime-upgrade-conventions
description: 'Upgrade GitHub Actions to supported runtimes by selecting safe action versions, preserving workflow behavior, and validating post-upgrade execution.'
---
# GitHub Actions Runtime Upgrade Conventions
Use this skill when editing GitHub Actions workflows to address deprecation warnings about action runtimes (for example Node.js runtime migrations).
## Use This Skill When
- Workflow logs report an action is running on a deprecated runtime.
- You are upgrading action versions in `.github/workflows/*.yml` or `.github/workflows/*.yaml`.
- You need to keep existing workflow behavior while modernizing action dependencies.
## Upgrade Rules
- Prefer upgrading to the latest stable **major** version of each action that is compatible with the workflow.
- Prefer immutable pins: resolve the target release to a full commit SHA and use that SHA in `uses:`.
- Do not pin to mutable tags or branches (for example `@v4` or `@main`) in final recommendations.
- Upgrade one action at a time per commit (or one tightly related group) so failures are easy to isolate.
- Keep existing workflow behavior unchanged while upgrading runtime/dependency actions.
## Actions We Track in This Repo
Prioritize runtime review for these groups when warnings appear:
- Any first-party action under `actions/*`
- Especially setup actions under `actions/setup-*` (for example `setup-node`, `setup-python`, `setup-dotnet`)
- Any other action explicitly named by the runtime deprecation warning in workflow logs
## Pinning Pattern
```yaml
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.3.1
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.4
```
When recommending upgrades, identify the latest compatible release first, then use the corresponding commit SHA with an optional version comment.
## Verification Checklist
After changing action versions:
1. Ensure all edited workflows still parse and keep the same triggers/permissions unless intentionally changed.
2. Run the affected workflows (or equivalent local build/test commands) and confirm the upgraded steps complete successfully.
3. Confirm release/signing/artifact steps still produce expected outputs where applicable.
4. Check workflow run logs for any new deprecation warnings or runtime migration notes.
## PR Notes
Include in the PR summary:
- Which actions were upgraded (from -> to).
- Whether any action could not move to a new major and why.
- Which workflows were re-run to validate the change.
## How This Complements Dependabot
Dependabot can automate many updates, but this skill still helps when:
- Dependabot is not enabled for workflows in a repository.
- Runtime warnings appear before an automated update is available.
- A workflow needs behavior-preserving validation after the action bump.
License (MIT)
View full license text
MIT License Copyright GitHub, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.