release: v2.2.0+node25.9.0 into maintenance/v2+node25#88
Merged
Amnoor merged 9 commits intomaintenance/v2+node25from Apr 4, 2026
Merged
release: v2.2.0+node25.9.0 into maintenance/v2+node25#88Amnoor merged 9 commits intomaintenance/v2+node25from
Amnoor merged 9 commits intomaintenance/v2+node25from
Conversation
Bumps node from 25.8.2-alpine3.23 to 25.9.0-alpine3.23. --- updated-dependencies: - dependency-name: node dependency-version: 25.9.0-alpine3.23 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…nto the "develop" branch build(deps): Bump node from 25.8.2-alpine3.23 to 25.9.0-alpine3.23
This merge updates `.github/workflows/pr-tests.yml` to stop pushing PR test images to Docker Hub and instead pass the built image between jobs as an OCI artifact. The test workflow now uploads the multi-arch build output from `build-image`, downloads it in `test-image`, extracts a per-architecture image into the local Docker daemon with `skopeo`, and removes the artifact after testing. The artifact name now includes the pull request number so concurrent PR runs do not share the same artifact identifier.
In `build-image`, the `Login to Docker Hub` step is removed and the `Build Image` step changes from `push: true` to `push: false` with `outputs: type=oci,dest=image.tar`, so the workflow produces a local OCI archive instead of publishing a PR image to Docker Hub. A new `Upload Docker Image Artifact` step uses `actions/upload-artifact@v4` to persist `image.tar` as `docker-image-pr-${{ github.event.pull_request.number }}`. In `test-image`, the Docker Hub login and `docker pull` flow are removed, `TEST_IMAGE` changes from `runtimenode/test:pr-${{ github.event.pull_request.number }}` to `test:pr-${{ github.event.pull_request.number }}`, and new `Download Docker Image Artifact` and `Extract single-arch image with Skopeo` steps load each matrix entry’s `linux/amd64` or `linux/arm64` image as `test:pr-<number>-<arch>`. The smoke test and all integrity checks are updated to resolve `${{ matrix.platform }}` into `ARCH` and run against `${{ env.TEST_IMAGE }}-$ARCH` so they validate the locally extracted per-architecture image. A new `artifact-clean-up` job then removes `docker-image-pr-${{ github.event.pull_request.number }}` using `geekyeggo/delete-artifact@v4` after testing completes.
No other files or workflow jobs are modified by this merge.
…p" branch This merge updates the GitHub Actions workflows to use `docker/build-push-action@v7` instead of the current older major versions. It applies the version bump in both `.github/workflows/deployment.yml` and `.github/workflows/pr-tests.yml` while keeping the existing build, attestation, cache, and artifact logic unchanged. In `.github/workflows/deployment.yml`, the `Build and push (multi-registry, multi-platform)` step is updated from `uses: docker/build-push-action@v5` to `uses: docker/build-push-action@v7` without changing the existing `attests:`, tag, label, platform, or cache settings. In `.github/workflows/pr-tests.yml`, the `Build Image` step is updated from `uses: docker/build-push-action@v6` to `uses: docker/build-push-action@v7` without changing the existing OCI archive output, multi-platform build, tag, or cache configuration. No other files or workflow jobs are modified by this merge.
This merge updates `README.md` and `CONTRIBUTING.md` on `develop` so the documentation reflects the upcoming Node.js `25.9.0` release line and the current CI/CD tooling used by the repository. It refreshes the version examples in both documents and expands the README acknowledgements so recently added workflow actions are documented alongside the existing build and release tooling. In `CONTRIBUTING.md`, the Node.js Version Bumps example is updated from `node:25.8.2-alpine3.23` to `node:25.9.0-alpine3.23`. In `README.md`, the Versioning and Tags example is updated from `v2.1.3+node25.8.2` to `v2.2.0+node25.9.0`. The CI/CD & Build Tooling section of `README.md` is also expanded to add `actions/upload-artifact`, `actions/download-artifact`, and `geekyeggo/delete-artifact` for the PR test artifact workflow, plus `chrnorm/deployment-action` and `chrnorm/deployment-status` for GitHub Deployment tracking in the release workflow. No other files or documentation sections are modified by this merge.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR promotes
release/v2.2.0+node25.9.0intomaintenance/v2+node25, marking the next minor release on the Node.js 25 maintenance line. It consolidates five development cycles: the Node.js base image bump from25.8.2to25.9.0, the PR test workflow move from Docker Hub-pushed images to OCI artifact handoff, thedocker/build-push-actionupgrade tov7in both workflows, the release workflow attestation update to signedmode=maxprovenance and SBOM output, and documentation updates aligning examples and CI/CD tooling references with the current release state.Files Changed
Added:
Modified:
CONTRIBUTING.mdDockerfileREADME.md.github/workflows/deployment.ymlpr-tests.ymlDeleted:
Key Changes
Dockerfilefromnode:25.8.2-alpine3.23tonode:25.9.0-alpine3.23, bumping the bundled Node.js runtime from25.8.2to25.9.0..github/workflows/pr-tests.ymlto stop pushing PR images to Docker Hub by changing theBuild Imagestep frompush: truetopush: falsewithoutputs: type=oci,dest=image.tar, addingUpload Docker Image Artifact,Download Docker Image Artifact,Extract single-arch image with Skopeo, andartifact-clean-up, and changing the test image flow to local per-architecture images derived from the OCI artifact..github/workflows/pr-tests.ymlfromuses: docker/build-push-action@v6touses: docker/build-push-action@v7in theBuild Imagestep, and updated.github/workflows/deployment.ymlfromuses: docker/build-push-action@v5touses: docker/build-push-action@v7in theBuild and push (multi-registry, multi-platform)step.id-token: writeto the top-levelpermissions:block in.github/workflows/deployment.ymland replacedprovenance: trueandsbom: truewithattests:entriestype=provenance,mode=maxandtype=sbom,mode=maxin theBuild and push (multi-registry, multi-platform)step.CONTRIBUTING.mdfromnode:25.8.2-alpine3.23tonode:25.9.0-alpine3.23, updated the Versioning and Tags example inREADME.mdfromv2.1.3+node25.8.2tov2.2.0+node25.9.0, and addedactions/upload-artifact,actions/download-artifact,geekyeggo/delete-artifact,chrnorm/deployment-action, andchrnorm/deployment-statusto theCI/CD & Build Toolingsection ofREADME.md.