Skip to content

fix: Upgrade EC2 runners to 2.6.1 to support Node.js 24#126

Merged
courtneypacheco merged 1 commit into
mainfrom
update-ec2-runners
Jun 17, 2026
Merged

fix: Upgrade EC2 runners to 2.6.1 to support Node.js 24#126
courtneypacheco merged 1 commit into
mainfrom
update-ec2-runners

Conversation

@courtneypacheco

@courtneypacheco courtneypacheco commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator

Description

Fixes this error:

Node 20 is being deprecated. This workflow is running with Node 24 by default. If you need to temporarily use Node 20, you can set the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true environment variable. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/ Run machulav/ec2-github-runner@a6dbcefcf8a31a861f5e078bb153ed332130c512 Error: GitHub Registration Token receiving error
Error: HttpError: Bad credentials - https://docs.github.com/rest Error: Bad credentials - https://docs.github.com/rest

because the previous version only supports up to Node.js 20, but this new version (2.6.1) does: https://github.com/machulav/ec2-github-runner/releases/tag/v2.6.0

How Has This Been Tested?

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflow dependencies to newer versions for enhanced compatibility and stability in automated notebook and pipeline execution processes.

@courtneypacheco courtneypacheco requested a review from a team as a code owner June 17, 2026 22:50
@coderabbitai

coderabbitai Bot commented Jun 17, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Two GitHub Actions workflow files — execute-all-notebooks.yml and execute-kfp-localrunners.yml — each receive a one-line change updating the machulav/ec2-github-runner action pin from v2.4.3 to v2.6.1 in their respective launch-ec2-runner jobs. The stop-ec2-runner step and all other workflow logic remain unchanged in both files.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes


Supply chain surface (CWE-1357 / CWE-693): This is a mutable tag pin, not a SHA pin. machulav/ec2-github-runner@v2.6.1 can be silently force-pushed to point at arbitrary code — a known CI/CD supply chain attack vector (see SLSA threat model, and prior incidents such as tj-actions/changed-files CVE-2025-30066). The stop-runner step remains on an older unpinned tag, creating version skew. Both references must be pinned to immutable commit SHAs (e.g., machulav/ec2-github-runner@<full-sha>) and verified against the upstream release checksum before merge.

🚥 Pre-merge checks | ✅ 10
✅ Passed checks (10 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Contribution Quality And Spam Detection ✅ Passed Established contributor with prior infrastructure work; real operational issue (Node.js 24 compatibility); legitimate error messages; no spam signals. Incomplete stop-action update is a code review...
No Hardcoded Secrets ✅ Passed PR changes only update GitHub Action pinned commit SHAs in workflow files. All secrets are properly referenced via ${{ secrets.* }} context variables; no hardcoded credentials, API keys, tokens, or...
No Weak Cryptography ✅ Passed PR contains only GitHub Actions version updates (v2.4.3 to v2.6.1); no weak cryptographic primitives, custom crypto implementations, or non-constant-time secret comparisons detected in codebase.
No Injection Vectors ✅ Passed PR only updates GitHub Actions dependency versions (machulav/ec2-github-runner v2.4.3→v2.6.1); no injection vectors introduced: no SQL concatenation, shell injection, eval/exec, unsafe deserializat...
No Privileged Containers ✅ Passed PR modifies only GitHub Actions workflows, not Kubernetes/Helm manifests or Dockerfiles. Custom check for privileged containers is not applicable to CI/CD workflow YAML files.
No Sensitive Data In Logs ✅ Passed No logging statements expose passwords, tokens, API keys, PII, session IDs, or other sensitive data. Secrets are passed only via GitHub Actions input parameters, not logged.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: upgrading EC2 runners from v2.4.3 to v2.6.1 to support Node.js 24, which directly addresses the core issue causing workflow failures.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/execute-all-notebooks.yml:
- Around line 49-51: The EC2 GitHub runner actions have a version mismatch
between start and stop operations. In the file execute-all-notebooks.yml, the
start action machulav/ec2-github-runner at line 49-51 uses version v2.6.1, but
the corresponding stop action at line 164 uses the older v2.4.3. Similarly, in
execute-kfp-localrunners.yml, the stop action at line 186 also uses v2.4.3.
Update both stop actions to reference version v2.6.1 instead of v2.4.3 by
changing the hash reference for the machulav/ec2-github-runner stop action to
match the version used in the start action.

In @.github/workflows/execute-kfp-localrunners.yml:
- Around line 71-73: The "Stop EC2 runner" action at line 186 is using version
v2.4.3 (Node 20) which is incompatible with GitHub's enforced Node 24 runtime,
while the "Start Data Processing EC2 runner" action uses the compatible v2.6.1.
Update the Stop EC2 runner action to use the same version v2.6.1 with commit
hash 343a1b2ae682e681c3cec9a235d882da17ff04ef to ensure consistency and prevent
potential failures when terminating EC2 runners.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 42bfcfb6-2e2d-4d1d-8a19-dbe427db613b

📥 Commits

Reviewing files that changed from the base of the PR and between 36f93ff and 9a36611.

📒 Files selected for processing (2)
  • .github/workflows/execute-all-notebooks.yml
  • .github/workflows/execute-kfp-localrunners.yml

Comment thread .github/workflows/execute-all-notebooks.yml
Comment thread .github/workflows/execute-kfp-localrunners.yml
Fixes this error:

`Node 20 is being deprecated. This workflow is running with Node 24 by default. If you need to temporarily use Node 20, you can set the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true environment variable. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Run machulav/ec2-github-runner@a6dbcef
Error: GitHub Registration Token receiving error
Error: HttpError: Bad credentials - https://docs.github.com/rest
Error: Bad credentials - https://docs.github.com/rest`

because the previous versoin only supports up to Node.js 20

Signed-off-by: Courtney Pacheco <6019922+courtneypacheco@users.noreply.github.com>
@courtneypacheco courtneypacheco changed the title fi: Upgrade EC2 runners to 2.6.1 to support Node.js 24 fix: Upgrade EC2 runners to 2.6.1 to support Node.js 24 Jun 17, 2026

@shruthis4 shruthis4 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@courtneypacheco courtneypacheco merged commit 76564ea into main Jun 17, 2026
7 checks passed
@mergify

mergify Bot commented Jun 17, 2026

Copy link
Copy Markdown

🎉 Auto-merged successfully!

All reviewers approved: 1
CI checks passed: All

Approved by:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants