Use default Node version in CI #2067
Conversation
Deprecated Node versions are used in CI, potentially causing security and reliability issues. Instead, it's better to use GitHub's default Node version, which also doesn't require additional downloads or installations.
|
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit cc690dc:
|
|
The size action is warning because of preactjs/compressed-size-action#93 but it seems like it's safe to ignore as it already runs on Node 16:
|
|
This isn't a hard opinion, but I'm on the negative side of this. This introduces less determinism into our builds and test suite. That has the potential for breakage and extra workload for us as maintainers. There's nothing necessarily wrong with using older Node versions, since this isn't deployed software and the practical effects on end-users are minimal. The most likely actual breakage is with the versions of tools that we use and the supported Node versions of our various Actions. In that context, I think it's more important to keep builds and tests consistent and as close to deterministic as possible. |
|
I believe it's more deterministic, as at least it's using the same default Node version in each workflow. Also Mark has already agreed to my idea, but I'm curious what he thinks about this specifically. |
|
That's consistency, not determinism. The build environment will change over time. A run one week under Node 20 might be different or break the next week under Node 22. It's the same reason we use a lockfile for our dependencies. I'm all for consistency. I have issue with nondeterminism. |
Deprecated Node versions are used in CI, potentially causing security and reliability issues. Instead, it's better to use GitHub's default Node version, which also doesn't require additional downloads or installations.