Skip to content

[CHORE](ci) Bump setup-java to v5 (Node 24) in publish-maven-to-codeartifact#31

Merged
John McCall (lowlydba) merged 1 commit into
mainfrom
lowlydba/bump-setup-java-node24
Jun 9, 2026
Merged

[CHORE](ci) Bump setup-java to v5 (Node 24) in publish-maven-to-codeartifact#31
John McCall (lowlydba) merged 1 commit into
mainfrom
lowlydba/bump-setup-java-node24

Conversation

@lowlydba

@lowlydba John McCall (lowlydba) commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

What

Bumps actions/setup-java from c1e323688fd81a25caa38c78aa6df2d33d3e20d9 (v4.8.0, Node 20) to be666c2fcd27ec809703dec50e508c2fdc7f6654 (v5.2.0, Node 24) in the publish-maven-to-codeartifact composite action.

Why

This setup-java step was the last residual Node 20 source in the centralized CodeArtifact composite actions. A real dev-publish deploy during overture-matchers #287 testing surfaced a single Node 20 deprecation annotation traced to it. GitHub forces the Node 20 cutover on 2026-06-16.

Compatibility

The step's inputs (distribution: temurin, java-version-file, cache: maven, cache-dependency-path) are unchanged in setup-java v5 — v5's breaking changes are runner-version/runtime only, not these inputs. So this is a drop-in with no with: changes. It also matches the consumer's own setup-java v5.2.0 pin (be666c2), which already runs warning-free.

Validation

  • action.yml parses (YAML safe_load OK).
  • zizmor --persona=pedantic clean: no findings, 1 ignored (the pre-existing justified setup-codeartifact@main self-reference).
  • git diff is exactly one line (the setup-java uses: line).

Closes #30
Part of #28
Part of OvertureMaps/ops-team#384

Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

@lowlydba
[CHORE](ci) Bump setup-java to v5 (Node 24) in publish-maven-to-codea…
97d5e5a 
…rtifact

Bumps actions/setup-java v4.8.0 -> v5.2.0 (Node 20 -> Node 24) in the
publish-maven-to-codeartifact composite action, clearing the last
residual Node 20 deprecation annotation found during overture-matchers
#287 dev-publish testing. Inputs are unchanged/compatible, so it is a
drop-in. Matches the consumer's own setup-java v5.2.0 pin (be666c2).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Signed-off-by: John McCall <john@overturemaps.org>
Copilot AI review requested due to automatic review settings June 9, 2026 21:28
@lowlydba John McCall (lowlydba) requested a review from a team as a code owner June 9, 2026 21:28
@overture-projection

overture-projection Bot commented Jun 9, 2026

Copy link
Copy Markdown

Overture PRojection Review

This PR updates the actions/setup-java step in the publish-maven-to-codeartifact composite action from v4.8.0 (Node 20) to v5.2.0 (Node 24), addressing Node 20 deprecation and aligning with consumer workflows.

✅ Checks Passed

🚩 Flags

  • .github/actions/publish-maven-to-codeartifact/action.yml:49 No tests in diff (Tests: ❌), but this is a CI workflow version bump with no behavioral changes. If possible, validate the action runs as expected in a real publish scenario post-merge.

❓ Open Questions

  • None — the rationale and compatibility are clearly explained.

No blocking issues found. The update is safe and aligns with org standards for CI maintenance. Recommend merge after confirming a successful publish run.

@lowlydba

John McCall (lowlydba) commented Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

Not in use yet, going to merge to iterate on downstream development.

@lowlydba John McCall (lowlydba) merged commit 51f3380 into main Jun 9, 2026
10 checks passed
@lowlydba John McCall (lowlydba) deleted the lowlydba/bump-setup-java-node24 branch June 9, 2026 21:29
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the publish-maven-to-codeartifact composite action to use actions/setup-java v5 (Node 24) so the last remaining Node 20-based action dependency is removed ahead of GitHub’s Node 20 runtime cutoff.

Changes:

  • Bump actions/setup-java from v4.8.0 (c1e3236…, Node 20) to v5.2.0 (be666c2…, Node 24) in the JDK setup step.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[CHORE] Bump setup-java to v5 (Node 24) in publish-maven-to-codeartifact

2 participants

@lowlydba