Pin GHA runner versions (#4461)

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2025-11-25 05:23:13 +03:00 · 2024-10-17 10:04:19 +01:00
parent 3d51e31da8
commit 66c80949e8
13 changed files with 26 additions and 26 deletions
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -10,7 +10,7 @@ on:
 jobs:
    backport:
        name: Backport
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        # Only react to merged PRs for security reasons.
        # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target.
        if: >
--- a/.github/workflows/docs-pr-netlify.yaml
+++ b/.github/workflows/docs-pr-netlify.yaml
@@ -9,7 +9,7 @@ on:
 jobs:
    netlify:
        if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - name: 📥 Download artifact
              uses: actions/download-artifact@v4
--- a/.github/workflows/notify-downstream.yaml
+++ b/.github/workflows/notify-downstream.yaml
@@ -15,7 +15,7 @@ jobs:
                    - repo: element-hq/element-web
                      event: element-web-notify

-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - name: Notify matrix-react-sdk repo that a new SDK build is on develop so it can CI against it
              uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -12,7 +12,7 @@ concurrency: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || gi
 jobs:
    changelog:
        name: Preview Changelog
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: mheap/github-action-required-labels@d25134c992b943fb6ad00c25ea00eb5988c0a9dd # v5
              if: github.event_name != 'merge_group'
@@ -29,7 +29,7 @@ jobs:

    prevent-blocked:
        name: Prevent Blocked
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        permissions:
            pull-requests: read
        steps:
@@ -42,7 +42,7 @@ jobs:

    community-prs:
        name: Label Community PRs
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: github.event.action == 'opened'
        steps:
            - name: Check membership
@@ -69,7 +69,7 @@ jobs:

    close-if-fork-develop:
        name: Forbid develop branch fork contributions
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: >
            github.event.action == 'opened' &&
            github.event.pull_request.head.ref == 'develop' &&
--- a/.github/workflows/release-drafter-workflow.yml
+++ b/.github/workflows/release-drafter-workflow.yml
@@ -10,7 +10,7 @@ on:
 concurrency: release-drafter-action
 jobs:
    draft:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - name: 🧮 Checkout code
              uses: actions/checkout@v4
--- a/.github/workflows/release-gitflow.yml
+++ b/.github/workflows/release-gitflow.yml
@@ -15,7 +15,7 @@ on:
 concurrency: ${{ github.workflow }}
 jobs:
    merge:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4
              with:
--- a/.github/workflows/release-make.yml
+++ b/.github/workflows/release-make.yml
@@ -41,7 +41,7 @@ on:
 jobs:
    release:
        name: Release
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        environment: Release
        steps:
            - name: Load GPG key
@@ -276,7 +276,7 @@ jobs:
    post-release:
        name: Post release steps
        needs: release
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - id: repository
              run: echo "REPO=${GITHUB_REPOSITORY#*/}" >> $GITHUB_OUTPUT
@@ -304,7 +304,7 @@ jobs:
    bump-downstreams:
        name: Update npm dependency in downstream projects
        needs: npm
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: inputs.downstreams
        strategy:
            matrix:
--- a/.github/workflows/release-npm.yml
+++ b/.github/workflows/release-npm.yml
@@ -11,7 +11,7 @@ on:
 jobs:
    npm:
        name: Publish to npm
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        outputs:
            id: ${{ steps.npm-publish.outputs.id }}
        steps:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,7 +34,7 @@ jobs:
        name: Publish Documentation
        needs: release
        if: inputs.docs
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - name: 🧮 Checkout code
              uses: actions/checkout@v4
@@ -60,7 +60,7 @@ jobs:
        environment:
            name: github-pages
            url: ${{ steps.deployment.outputs.page_url }}
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        needs: docs
        # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
        permissions:
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -14,7 +14,7 @@ on:
                description: "Whether to combine multiple LCOV and jest-sonar-report files in coverage artifact"
 jobs:
    sonarqube:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: |
            github.event.workflow_run.conclusion == 'success' &&
            github.event.workflow_run.event != 'merge_group'
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -11,7 +11,7 @@ concurrency:
 jobs:
    ts_lint:
        name: "Typescript Syntax Check"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

@@ -38,7 +38,7 @@ jobs:

    js_lint:
        name: "ESLint"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

@@ -55,7 +55,7 @@ jobs:

    workflow_lint:
        name: "Workflow Lint"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

@@ -72,7 +72,7 @@ jobs:

    docs:
        name: "JSDoc Checker"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

@@ -97,7 +97,7 @@ jobs:

    analyse_dead_code:
        name: "Analyse Dead Code"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -13,7 +13,7 @@ env:
 jobs:
    jest:
        name: "Jest [${{ matrix.specs }}] (Node ${{ matrix.node == '*' && 'latest' || matrix.node }})"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        timeout-minutes: 10
        strategy:
            matrix:
@@ -68,7 +68,7 @@ jobs:
        name: Jest tests
        needs: jest
        if: always()
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - if: needs.jest.result != 'skipped' && needs.jest.result != 'success'
              run: exit 1
@@ -91,7 +91,7 @@ jobs:
    # we need this so the job is reported properly when run in a merge queue
    downstream-complement-crypto:
        name: Downstream Complement Crypto tests
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: always()
        needs:
            - complement-crypto
@@ -103,7 +103,7 @@ jobs:
    # and skip sonarcloud coverage within merge queues
    downstream:
        name: Downstream tests
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: always()
        needs:
            - element-web
--- a/.github/workflows/triage-incoming.yml
+++ b/.github/workflows/triage-incoming.yml
@@ -6,7 +6,7 @@ on:

 jobs:
    automate-project-columns-next:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/add-to-project@main
              with: