Skip to content

chore(deps): bump actions/setup-node from 4 to 5 #1894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): bump actions/setup-node from 4 to 5 #1894

wants to merge 1 commit into from
+4 −4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2025
edited
Loading

Bumps actions/setup-node from 4 to 5.

Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

What's Changed

Bug fixes:

Enhancement:

Dependency update:

New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Updates all GitHub Actions workflows to use actions/setup-node@v5 instead of v4.

  • CI/CD Workflows:
    • Upgrade actions/setup-node to v5:
      • /.github/workflows/ci.yml: v4.2.0v5.0.0.
      • /.github/workflows/e2e.yml: v4.4.0v5.0.0.
      • /.github/workflows/release.yml: v4v5.

Written by Cursor Bugbot for commit 84fc85c. This will update automatically on new commits. Configure here.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 1, 2025
@dependabot dependabot bot requested a review from shige as a code owner October 1, 2025 01:19
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 1, 2025
@changeset-bot
Copy link

changeset-bot bot commented Oct 1, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 662e1df

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

💥 An error occurred when fetching the changed packages and changesets in this PR 
Some errors occurred when validating the changesets config:
The package or glob expression "giselle-sdk" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.

@giselles-ai
Copy link

giselles-ai bot commented Oct 1, 2025
edited
Loading

Finished running flow.

Step Status Updated(UTC)
1 Oct 1, 2025 1:19am
2 Oct 1, 2025 1:20am
3 Oct 1, 2025 1:20am
4 Oct 1, 2025 1:20am

@vercel
Copy link

vercel bot commented Oct 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
giselle Ready Ready Preview Comment Oct 14, 2025 1:46am

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 1, 2025
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@giselles-ai
Copy link

giselles-ai bot commented Oct 1, 2025

## 🔍 QA Testing Assistant by Giselle

### 📋 Manual QA Checklist

Based on the changes in this PR, here are the key areas to test manually:

  • Verify CI Workflow Execution: Open the "Checks" tab for this Pull Request. Confirm that the ci workflow completed successfully. Check the logs for the Set node version to 22.14.0 step. Verify that Node.js is installed and that pnpm dependency caching is still working as expected (look for messages like "Cache restored" or "Cache saved").
  • Verify E2E Workflow Execution: On the same "Checks" tab, confirm that the e2e workflow also completed successfully. Check the logs for the Set node version to 22.16.0 step and verify that Node.js setup and pnpm caching are successful, similar to the CI workflow.
  • Verify Release Workflow (Post-Merge or Manual Trigger): Manually trigger the release workflow on this PR's branch (dependabot/github_actions/actions/setup-node-5). Confirm that all steps, particularly the Setup Node.js step, execute successfully.

### ✨ Prompt for AI Agents

Use the following prompts with Cursor or Claude Code to automate E2E testing:

📝 E2E Test Generation Prompt

```

Role: You are an expert QA Engineer. Your task is to validate that a critical CI/CD pipeline dependency upgrade does not break our development and deployment workflows.

Objective: Based on the context below, confirm that the update of the actions/setup-node GitHub Action from v4 to v5 is safe and does not negatively impact our CI, E2E, and Release workflows. No new application-level Playwright tests are needed. Instead, you will focus on verifying the pipeline's execution.

1. Context Summary

  • PR Description: This PR upgrades the actions/setup-node GitHub Action from major version 4 to 5 across all our GitHub Actions workflows (ci.yml, e2e.yml, release.yml).
  • Key Change: This is a major version bump, which introduces breaking changes. According to the release notes, the action now runs on node24 and introduces automatic caching if a packageManager field is present in package.json.
  • Affected User Flows: The "users" in this case are developers and the CI system. The affected flows are:
    1. Continuous Integration (linting, unit tests)
    2. End-to-End Testing (running the existing Playwright suite)
    3. Release Process (publishing packages)
  • Critical Path: The most critical path is to ensure that all workflows complete successfully. A failure in any of these jobs would block PR merges and deployments. The e2e.yml workflow is especially important, as it validates our application's stability.

2. Test Scenarios (Verification Checks)

Your goal is to verify the successful execution of the CI jobs with the updated dependency. You do not need to write new test files. The primary validation is observing the GitHub Actions check runs on the PR.

  • Scenario 1: CI Workflow Integrity (ci.yml)

    • Description: Verify that the main CI job completes successfully.
    • Steps to Verify:
      1. Confirm the ci workflow is triggered on the PR.
      2. Check that the Set node version... step using actions/setup-node@v5 completes without error.
      3. Verify that pnpm install successfully installs dependencies. Pay close attention to the logs to see if caching is being used correctly (either by the explicit cache: "pnpm" or the new automatic detection).
      4. Ensure all subsequent steps (e.g., linting, unit tests) pass.

  • Scenario 2: E2E Workflow Integrity (e2e.yml)

    • Description: Verify that the existing E2E test suite can run successfully in the environment configured by the new action. This is the most critical validation for QA.
    • Steps to Verify:
      1. Confirm the e2e workflow is triggered.
      2. Check that the Set node version... step using actions/setup-node@v5 completes without error.
      3. Confirm dependencies are installed and the application is built successfully.
      4. Crucially, verify that the step that executes the Playwright tests (e.g., run: pnpm test:e2e) completes and all existing tests pass. A failure here indicates an incompatibility.

  • Scenario 3: (Hypothetical) Release Workflow Integrity (release.yml)

    • Description: While we cannot test a real release on a PR, we need to be confident the workflow is syntactically correct and would likely run.
    • Steps to Verify:
      1. Review the release.yml diff. The only change is the action version.
      2. Confirm that the workflow is not configured to run on pull_request.
      3. The successful execution of the other two workflows provides high confidence that this one will also work, as the setup-node step is nearly identical. No direct action is needed beyond noting that the change is consistent.

3. Playwright Implementation Instructions

No new Playwright test code needs to be written. The code changes in this PR do not affect the application's DOM, functionality, or APIs.

Your task is to ensure the existing Playwright test suite, executed by the e2e.yml workflow, runs to completion without any environment-related errors.

  • Action: Trigger the CI/CD pipeline for the branch associated with this PR.
  • Observation: Monitor the "Checks" tab on the GitHub Pull Request.
  • Assertion:
    • expect(ci_workflow.status).toBe('success')
    • expect(e2e_workflow.status).toBe('success')
    • Drill down into the e2e workflow logs and confirm the step running Playwright tests shows that all tests passed and no setup/teardown errors occurred.

4. MCP Integration Guidelines

The project likely uses a command to run the Playwright test suite, which might be wrapped by Playwright MCP. The e2e.yml workflow file will contain this command.

  • Command: Look for a command like pnpm mcp:e2e or pnpm playwright test in the e2e.yml workflow.
  • Verification: Your task is to confirm that this exact command, when run by the GitHub Actions runner, completes successfully.
  • Environment: The environment is defined by the GitHub Actions runner combined with the setup performed by actions/checkout@v5, pnpm/action-setup, and actions/setup-node@v5. The successful workflow run is the validation of this environment.

5. CI-Ready Code Requirements

The "code" in this context is the workflow .yml files.

  • File Structure: The changes are correctly applied in .github/workflows/ci.yml, .github/workflows/e2e.yml, and .github/workflows/release.yml.
  • Validation: The primary validation is a "green checkmark" on the PR, indicating all required status checks have passed.
  • Output: The final deliverable is not a new test file, but a confirmation (e.g., a PR approval or comment) stating that:

    "Verified that all CI/CD workflows (ci, e2e) complete successfully with the updated actions/setup-node@v5 dependency. The existing E2E test suite runs without errors, and dependency caching appears to function as expected. This change is safe to merge."

```

---

@dependabot dependabot bot force-pushed the dependabot/github_actions/actions/setup-node-5 branch from 84fc85c to 047f1bc Compare October 6, 2025 04:52
@dependabot
chore(deps): bump actions/setup-node from 4 to 5
662e1df 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions/setup-node-5 branch from 047f1bc to 662e1df Compare October 14, 2025 01:45
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 1, 2025

Superseded by #2085.

@dependabot dependabot bot closed this Nov 1, 2025
@dependabot dependabot bot deleted the dependabot/github_actions/actions/setup-node-5 branch November 1, 2025 01:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shige shige Awaiting requested review from shige shige is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant