chore: upgrade GitHub Actions to fix Node 20 deprecation warnings

[devin-ai-integration]

Summary

Upgrades GitHub Actions across all workflow files to Node 24-compatible versions, addressing the Node 20 deprecation deadline (June 2, 2026).

Upgraded actions:

Action	From	To
actions/checkout	v4	v6
actions/github-script	v6 / v7	v8
actions/setup-python	v4.3.0	v6
actions/upload-artifact	v4	v6
pmeier/pytest-results-action	@main	v0.8.0

Also adds actions: write permission to stale.yml, which is required by actions/stale@v10.

Not upgraded (no Node 24 version available):

• wow-actions/auto-comment@v1 — still node16, no newer version exists
• repo-sync/pull-request@v2 — Docker-based action, not affected by Node deprecation

Already on Node 24 (no changes needed):

• actions/setup-python@v6, actions/stale@v10

Review & Testing Checklist for Human

• actions/upload-artifact v4→v6: This is a two-major-version jump. Verify that artifact upload behavior (retention, naming, deduplication) hasn't changed in a way that breaks the test-warehouse.yml workflow. Check the v5 and v6 changelogs for breaking changes.
• actions/setup-python v4.3.0→v6: Was previously pinned to a specific patch version. Confirm there was no intentional reason for the pin (e.g., a regression in newer versions). The cache: "pip" option should still work in v6.
• actions: write permission in stale.yml: Verify this is acceptable from a security/least-privilege standpoint. This was added because actions/stale@v10 needs it to manage workflow runs.
• Trigger a test run on at least one warehouse (e.g., postgres) to confirm the upgraded actions work end-to-end in test-warehouse.yml.

Notes

• pmeier/pytest-results-action was moved from the floating @main ref to the pinned v0.8.0 tag, which adds Node 24 support. This is also a supply-chain improvement.
• All actions that were already at Node 24-compatible versions (e.g., actions/setup-python@v6 in cleanup-stale-schemas.yml and test-warehouse.yml) were left unchanged.

Link to Devin session: https://app.devin.ai/sessions/cfef8561ef684ea4bdc30dfd48ed44c6
Requested by: @haritamar

Summary by CodeRabbit

• Chores
  • Updated multiple GitHub Actions dependencies to their latest stable versions across CI/CD workflows, including checkout, script execution, Python setup, and artifact publishing tools.
  • Pinned pytest results uploader action to a specific release version for consistency.
  • Enhanced workflow permissions for improved security posture.

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[github-actions]

👋 @devin-ai-integration[bot]
Thank you for raising your pull request.
Please make sure to add tests and document all user-facing changes.
You can do this by editing the docs files in the elementary repository.

[coderabbitai]

📝 Walkthrough

Walkthrough

GitHub Actions workflow files updated across the repository to use newer versions of several actions. Checkout upgraded from v4 to v6 in multiple workflows, GitHub script upgraded from v6/v7 to v8, setup-python upgraded from v4.3.0 to v6, artifact uploads upgraded from v4 to v6, pytest results pinned to a specific release, and additional permissions added to one workflow.

Changes

Cohort / File(s)	Summary
Checkout Action Upgrades .github/workflows/bump-version.yml, .github/workflows/cleanup-stale-schemas.yml, .github/workflows/run-precommit.yml, .github/workflows/test-warehouse.yml	Upgraded actions/checkout from v4 to v6 across multiple workflow files.
GitHub Script Upgrades .github/workflows/assign-devin-prs.yml, .github/workflows/bump-version.yml	Upgraded actions/github-script from v6 to v8 (v7 to v8 in assign-devin-prs); logic and control flow remain unchanged.
Setup and Testing Actions .github/workflows/run-precommit.yml, .github/workflows/test-warehouse.yml	Upgraded actions/setup-python from v4.3.0 to v6 in run-precommit; upgraded actions/upload-artifact from v4 to v6 in test-warehouse.
External Action and Permissions .github/workflows/stale.yml, .github/workflows/test-warehouse.yml	Added explicit permissions.actions: write to stale workflow; pinned pmeier/pytest-results-action from main branch to fixed v0.8.0 release in test-warehouse.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Versions up, actions gleam,
v4 to v6, a workflow dream!
Scripts and checkouts all renewed,
Permissions added, bugs precluded! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main objective: upgrading GitHub Actions to fix Node 20 deprecation warnings, which aligns with the primary purpose of updating action versions across multiple workflow files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch devin/1774374083-upgrade-actions-node24

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

.github/workflows/stale.yml (1)

10-10: actions: write is not required for core functionality; consider removing it to follow least-privilege.

For actions/stale@v10, the minimum permissions needed to mark and close stale issues/PRs are issues: write and pull-requests: write (plus contents: write only if using delete-branch). The actions: write permission is used for internal state caching via @actions/cache, but this is optional. If caching overhead is acceptable or not a concern, remove this permission; otherwise, document why it's retained.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/stale.yml at line 10, Remove the broad "actions: write"
permission from the workflow and instead set only the least-privilege
permissions required (e.g., "issues: write" and "pull-requests: write" and
"contents: write" only if delete-branch is used); update the permissions block
in the workflow that currently contains "actions: write" and either remove that
entry or replace it with the specific permissions, or add a short comment
justifying retention if you intentionally need actions cache functionality.

.github/workflows/test-warehouse.yml (1)

251-251: Consider pinning to commit SHA for immutability. Moving to @v0.8.0 is a strong step forward. For stronger supply-chain guarantees, pin this third-party action to the release commit SHA 0841ca7.

Suggested hard pin

-        uses: pmeier/pytest-results-action@v0.8.0
+        uses: pmeier/pytest-results-action@0841ca7

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/test-warehouse.yml at line 251, Update the GitHub Actions
step that currently references the third‑party action
"pmeier/pytest-results-action@v0.8.0" to pin it to the specific commit SHA
(0841ca7) instead of the tag; locate the step using the "uses:
pmeier/pytest-results-action@v0.8.0" entry and replace the tag with the commit
SHA so the workflow uses "pmeier/pytest-results-action@0841ca7" for immutable
dependency resolution.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/stale.yml:
- Line 10: Remove the broad "actions: write" permission from the workflow and
instead set only the least-privilege permissions required (e.g., "issues: write"
and "pull-requests: write" and "contents: write" only if delete-branch is used);
update the permissions block in the workflow that currently contains "actions:
write" and either remove that entry or replace it with the specific permissions,
or add a short comment justifying retention if you intentionally need actions
cache functionality.

In @.github/workflows/test-warehouse.yml:
- Line 251: Update the GitHub Actions step that currently references the
third‑party action "pmeier/pytest-results-action@v0.8.0" to pin it to the
specific commit SHA (0841ca7) instead of the tag; locate the step using the
"uses: pmeier/pytest-results-action@v0.8.0" entry and replace the tag with the
commit SHA so the workflow uses "pmeier/pytest-results-action@0841ca7" for
immutable dependency resolution.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b74652d7-0bf9-46ee-914a-ce866b7d6d31

📥 Commits

Reviewing files that changed from the base of the PR and between 7a2b542 and 2b6ca7f.

📒 Files selected for processing (6)

• .github/workflows/assign-devin-prs.yml
• .github/workflows/bump-version.yml
• .github/workflows/cleanup-stale-schemas.yml
• .github/workflows/run-precommit.yml
• .github/workflows/stale.yml
• .github/workflows/test-warehouse.yml