ci: Update GitHub Actions versions and runner images #288

Open
rhaist wants to merge 4 commits into threathunters-io:master from rhaist:deps/update

rhaist commented Mar 19, 2026

Summary

GitHub Actions (build.yml)

Replace deprecated actions-rs/toolchain@v1 with dtolnay/rust-toolchain across all jobs. The actions-rs organisation is unmaintained. The new action uses targets: (plural) for cross-compilation targets instead of the old target: singular parameter.

Update action versions:

| Action | Before | After |
| --- | --- | --- |
| actions/checkout | v2 | v6 |
| actions/cache | v3 | v5 |
| actions/upload-artifact | v4 | v7 |
| actions/download-artifact | v4 | v8 |

Update musl build container: alpine:3.21 → alpine:3.23 (latest stable).

Fix build-test-old toolchain version: corrected from 1.85 to 1.70 to match the actual rust-version declared in Cargo.toml.

SELinux policies (selinux.yml)

Same action version updates as above. Two new build targets are added while all existing targets are preserved:

  • build-trixie: debian:trixie-slim (Debian 13, now stable)
  • build-noble: ubuntu:noble (Ubuntu 24.04 LTS)

- Replace deprecated actions-rs/toolchain@v1 with dtolnay/rust-toolchain
- Update all actions/{checkout,cache,upload-artifact,download-artifact} to v6
- Update build containers: debian:bullseye → trixie, alpine:3.21 → 3.22
- Update selinux container: ubuntu:jammy → noble, debian:bookworm-slim → trixie-slim
- Add build-test-old job to test against minimum supported toolchain (1.85)
- Add missing `permissions: contents: read` to per-job definitions

hillu (Collaborator) commented Mar 19, 2026

Hi,
thanks for your PR.
I like the CI permissions change. While I am somewhat indifferent about updates to the various GitHub actions, I disagree with upgrading the build environments. Debian/bullseye was specifically chosen to generate binaries that target older GNU libc versions so we can provide binaries that can still be used in aging "enterprise" distros. It may make sense to add Debian LTS repositories to the build environment, however. It's okay to add new distribution targets for the SELinux policies, but old targets should not be removed.
The comment about the minimum supported toolchain makes no sense as it is currently set to 1.70 in Cargo.toml.

rhaist added 3 commits March 19, 2026 23:14
- Revert binary build containers back to debian:bullseye — intentionally
  chosen to produce binaries compatible with older glibc versions
- Fix build-test-old toolchain to 1.70 (actual MSRV per Cargo.toml)
- Restore build-bookworm (debian:bookworm-slim) and build-jammy
  (ubuntu:jammy) in selinux.yml — add trixie/noble as new targets
  rather than replacing existing ones

rhaist (Author) commented Mar 20, 2026

Thanks for your feedback - I touched only what needed some bumps.
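
The two workflow changes discussed in this thread (per-job `permissions:` blocks and the move off `actions-rs`) can be checked mechanically before review. The following is an added example, not code from the PR or the project: `audit_workflow`, the sample workflow and its target triples are constructed for illustration, and the script assumes that a workflow-level `permissions:` key counts as covering every job.

```python
import re

UNMAINTAINED = ("actions-rs/",)  # organisation the PR describes as unmaintained
# Constructed workflow (not the project's build.yml): old style vs. new style.
SAMPLE = """\
jobs:
  build-musl:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions-rs/toolchain@v1
        with: {toolchain: stable, target: x86_64-unknown-linux-musl}
  build-test-old:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: dtolnay/rust-toolchain@master
        with: {toolchain: "1.70", targets: x86_64-unknown-linux-gnu}
"""

def audit_workflow(text):
    """Return sorted (job, finding) pairs for one workflow file's text."""
    findings, jobs = [], {}            # jobs: name -> has its own permissions
    default_perms = in_jobs = False
    job = job_indent = child_indent = None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        key = line.strip()
        if not key or key.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                            # top-level key
            in_jobs, job = key == "jobs:", None
            default_perms |= key.startswith("permissions:")
        elif in_jobs and indent == (job_indent := job_indent or indent):
            job, child_indent = key.rstrip(":"), None   # new job header
            jobs[job] = False
        elif job is not None:
            child_indent = child_indent or indent  # indent of the job's own keys
            if indent == child_indent and key.startswith("permissions:"):
                jobs[job] = True
            m = re.match(r"-?\s*uses:\s*([^\s@]+)", key)
            if m and m.group(1).startswith(UNMAINTAINED):
                findings.append((job, "unmaintained action " + m.group(1)))
    if not default_perms:              # no workflow-wide default to fall back on
        findings += [(j, "no explicit permissions") for j, ok in jobs.items() if not ok]
    return sorted(findings)
```

The scan is indentation-based and only understands block-style job definitions; a full YAML parser is the better choice for workflows that use anchors or flow-style jobs.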
