ci: check node matches latest upstream tag#1934
Merged
Conversation
WalkthroughUpdated GitHub checkout action from v4 to v5 across three CI jobs and added a validation step that fetches Node.js release metadata, compares the installed Node version to the latest official release for the major version, and reports status to GITHUB_STEP_SUMMARY. Changes
Sequence DiagramsequenceDiagram
participant Job as CI Job
participant API as nodejs.org API
participant Summary as GitHub Step Summary
Job->>API: GET /dist/index.json
API-->>Job: Release metadata (JSON)
Note over Job: Select latest release matching major
alt Release found
Job->>Job: Compare installed process.version with latest
alt Versions match
Job->>Summary: Append "up to date" entry
else Versions differ
Job->>Summary: Append "WARNING / NodeSource package is behind upstream"
end
else No release for major
Job->>Summary: Append "skipped" entry
end
Job-->>Job: Exit success
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~22 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/ci.yaml (1)
50-86: Extract the latest-tag checker into one reusable script or composite action.This block is copied three times with identical logic. Any follow-up fix to exit behavior, parsing, or summary formatting now has to be kept in sync manually across all jobs.
One way to simplify it
- - name: Validate Node matches latest official tag - env: - MATRIX_OS: ${{ matrix.os }} - run: | - cat <<'EOF' > /tmp/check-latest.js - ... - EOF - node /tmp/check-latest.js ${{ matrix.version }} "$MATRIX_OS" + - name: Validate Node matches latest official tag + env: + MATRIX_OS: ${{ matrix.os }} + run: node .github/scripts/check-latest-node.js ${{ matrix.version }} "$MATRIX_OS"Then reuse the same script from
deb,rpm, andrpm-minimal.Also applies to: 144-180, 237-273
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yaml around lines 50 - 86, The workflow duplicates the inline Node latest-tag checker across multiple jobs; extract the logic currently written into /tmp/check-latest.js (symbols: major, appendSummary, retrieval of https://nodejs.org/dist/index.json and comparison against process.version) into a single reusable artifact (either a checked-in script in the repo or a composite GitHub Action) and replace the three inline blocks (used by deb, rpm, rpm-minimal jobs) with calls to that single script/action, ensuring the same CLI args (matrix.version, MATRIX_OS) and summary/error exit behavior are preserved.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci.yaml:
- Around line 74-83: The workflow currently exits with process.exit(0) on both a
detected stale NodeSource package and on fetch errors, making CI succeed even
when validation fails; update the exit calls in the version-comparison branch
(the block that checks if (installed !== latest.version)) and the fetch error
handler (the .on('error', ...) callback) to use a non-zero exit code (e.g.,
process.exit(1)) so the job fails on stale packages or fetch/validation
failures; apply the same change to the corresponding other instances referenced
(the blocks around lines 168-177 and 261-270) where process.exit(0) is used for
error/failure conditions.
---
Nitpick comments:
In @.github/workflows/ci.yaml:
- Around line 50-86: The workflow duplicates the inline Node latest-tag checker
across multiple jobs; extract the logic currently written into
/tmp/check-latest.js (symbols: major, appendSummary, retrieval of
https://nodejs.org/dist/index.json and comparison against process.version) into
a single reusable artifact (either a checked-in script in the repo or a
composite GitHub Action) and replace the three inline blocks (used by deb, rpm,
rpm-minimal jobs) with calls to that single script/action, ensuring the same CLI
args (matrix.version, MATRIX_OS) and summary/error exit behavior are preserved.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: c2a90072-48d6-4f7e-844e-362cd1065528
📒 Files selected for processing (1)
.github/workflows/ci.yaml
JesusPaz
force-pushed
the
jesus/check-latest-node-tag
branch
from
d8d268a to
ec18e8c
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/ci.yaml (1)
50-85: Extract this validator into one reusable script or action.The same inline JS now exists in three jobs, so every fix has to be copied three times. That's already why the same exit-code bug shows up in all three blocks.
Also applies to: 143-178, 235-270
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yaml around lines 50 - 85, Extract the duplicated inline validator into a single reusable script (e.g., .github/scripts/check-latest.js) or a composite action and replace each inline block that writes /tmp/check-latest.js (the step named "Validate Node matches latest official tag") with a call to that script/action, passing matrix.version and MATRIX_OS; move the existing logic from the inline snippet into that file, ensure it writes summaries via process.env.GITHUB_STEP_SUMMARY, and fix the exit-code behavior so the script returns a non-zero code on real errors and the intended zero/neutral code only when skipping (preserve current logging/warning behavior but make exit codes consistent).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci.yaml:
- Around line 80-81: The success branches that currently only call console.log
(e.g. the lines printing "Installed ... matches latest ...") never call
appendSummary(), leaving GITHUB_STEP_SUMMARY empty; update those success paths
to also call appendSummary() with the same or equivalent success message so
healthy runs populate the matrix summary (mirror the behavior used in the
skip/warning branches that call appendSummary()). Locate the success console.log
occurrences and add a corresponding appendSummary() invocation that writes the
success text to the step summary.
- Around line 61-63: The https.get() calls currently don't handle request
timeouts and can leave CI hanging; update each invocation (the ClientRequest
returned by https.get at the three occurrences) to set a timeout (e.g.,
setTimeout duration appropriate for CI) and in the timeout handler explicitly
destroy the request/socket and surface an error (for example by calling
req.destroy(new Error('Request timed out')) or emitting an error) so the
promise/callback path fails fast; also attach an 'error' listener on the
ClientRequest to ensure the error is logged/propagated (refer to the existing
https.get(...) calls and their response handlers/res.on('data', ...) to add
req.setTimeout(...) / req.on('timeout', ...) and req.on('error', ...) handling).
---
Nitpick comments:
In @.github/workflows/ci.yaml:
- Around line 50-85: Extract the duplicated inline validator into a single
reusable script (e.g., .github/scripts/check-latest.js) or a composite action
and replace each inline block that writes /tmp/check-latest.js (the step named
"Validate Node matches latest official tag") with a call to that script/action,
passing matrix.version and MATRIX_OS; move the existing logic from the inline
snippet into that file, ensure it writes summaries via
process.env.GITHUB_STEP_SUMMARY, and fix the exit-code behavior so the script
returns a non-zero code on real errors and the intended zero/neutral code only
when skipping (preserve current logging/warning behavior but make exit codes
consistent).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 56b3be4a-3f54-4f62-90a7-fa7aaf111e19
📒 Files selected for processing (1)
.github/workflows/ci.yaml
riosje
approved these changes
Apr 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit