Conversation
Bumps node from 24.13.1-alpine3.22 to 25.7.0-alpine3.22. --- updated-dependencies: - dependency-name: node dependency-version: 25.7.0-alpine3.22 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…nto the "develop" branch" chore: bump node from 24.13.1-alpine3.22 to 25.7.0-alpine3.22
…" branch This merge removes the three automated downstream workflows that were introduced in ci/dependabot-auto-release and the VERSION file they consumed. The Dependabot configuration at .github/dependabot.yml is deliberately retained so that Dependabot continues to detect new Node.js base image versions and open labelled PRs against develop — only the automated handling of those PRs beyond the initial detection is being stripped out. The auto-merge-dependabot workflow, which automatically enabled auto-merge on any Dependabot PR carrying the dependencies label, is removed to restore maintainer control over what lands on develop. The release-from-develop workflow, which fired on every develop push by dependabot[bot] and used peter-evans/create-pull-request to automatically construct a release/v<semver>-<node_version> branch and open a PR to main, is removed to restore the manual release branch and PR creation process documented in CONTRIBUTING.md. The tag-and-release workflow, which triggered on every push to main and automatically created an annotated Git tag and published a GitHub Release via actions/create-release, is removed to restore the existing convention of manually pushing version tags to trigger the deployment workflow. The VERSION file, which held the 1.0.0 SemVer component consumed by both release-from-develop and tag-and-release to construct tag names, is removed as it no longer serves any purpose without those workflows. The release process returns to full manual control: a maintainer creates the release branch, opens the PR to main, merges it, and pushes the version tag. The deployment workflow continues to trigger on v* tag pushes to main exactly as before. There are no changes to any workflow that was active prior to ci/dependabot-auto-release, no behavioral impact on the Dockerfile or published image, and no migration steps required.
This merge updates CONTRIBUTING.md and README.md to bring both documents into alignment with the current state of the repository after the ci/dependabot-auto-release and ci/remove-unnecessary-automation merges landed on develop. In CONTRIBUTING.md, the two commit and PR title examples that referenced Node.js 24.14.0 are updated to 25.7.0. The entire Automated Dependency Management section, including the VERSION File subsection, is removed — it documented the auto-merge-dependabot, release-from-develop, and tag-and-release workflows that no longer exist. The Release Process section is rewritten from the former automated seven-step flow to a manual five-step flow: a maintainer creates a release/v<semver>-<node_version> branch off develop, opens a PR to main, merges it, pushes the version tag, and the existing deployment workflow triggers automatically on the v* tag to publish the image. The Dockerfile Constraints version example is updated from node:24.13.1-alpine3.22 to node:25.7.0-alpine3.22. In README.md, the Node.js Version entry in the Key Features table is updated from 24.13.1 to 25.7.0. The Usage section Dockerfile examples are updated: the builder stage reference moves from node:24.13.1-alpine3.22 to node:25.7.0-alpine3.22, and the final runtime stage moves from runtimenode/runtime-node:v1.0.0-24.13.1 to runtimenode/runtime-node:v2.0.0-25.7.0. The Pinning to a Specific Version example is updated to match. The Automated Dependency Management & Release paragraph is removed from the CI/CD & Quality Guarantees section. The Versioning section is updated to remove the reference to the VERSION file and the example tag is updated from v1.0.0-24.13.1 to v2.0.0-25.7.0. The peter-evans/create-pull-request and actions/create-release entries are removed from the Acknowledgements section as the workflows that depended on them have been deleted. No changes are made to any workflow file, the Dockerfile, or any other operational file. This is a documentation-only change with no behavioral impact.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR promotes
release/v2.0.0-25.7.0intomain, marking the third release of Runtime Node. The Node.js runtime is upgraded from24.13.1to25.7.0, which is the primary driver of the major version bump. In the same release cycle, the three downstream automation workflows introduced inci/dependabot-auto-release(auto-merge-dependabot,release-from-develop,tag-and-release) and theVERSIONfile they depended on are removed, restoring the release process to full manual control. BothCONTRIBUTING.mdandREADME.mdare updated to reflect the new Node.js version and the current manual release process.Files Changed
Added:
Modified:
DockerfileCONTRIBUTING.mdREADME.mdDeleted:
.github/workflows/auto-merge-dependabot.ymlrelease-from-develop.ymltag-and-release.ymlVERSIONKey Changes
Dockerfilebuilder stage base image fromnode:24.13.1-alpine3.22tonode:25.7.0-alpine3.22, upgrading the Node.js runtime extracted into the final scratch image from24.13.1to25.7.0..github/workflows/auto-merge-dependabot.yml— removed the workflow that automatically enabled auto-merge on Dependabot PRs carrying thedependencieslabel..github/workflows/release-from-develop.yml— removed the workflow that automatically created a release branch and opened a PR tomainwhenever a Dependabot merge landed ondevelop..github/workflows/tag-and-release.yml— removed the workflow that automatically created an annotated Git tag and published a GitHub Release on every push tomain.VERSION— removed the plain text SemVer source-of-truth file (1.0.0) that the two deleted release workflows depended on to construct version tags.CONTRIBUTING.md— replaced commit and PR title examples with Node.js25.7.0, removed theAutomated Dependency Managementsection andVERSION Filesubsection, rewrote theRelease Processsection as a manual five-step flow, and updated theDockerfile Constraintsversion example tonode:25.7.0-alpine3.22.README.md— bumped the Node.js Version entry in the Key Features table to25.7.0, updated all Dockerfile usage examples to referencenode:25.7.0-alpine3.22andruntimenode/runtime-node:v2.0.0-25.7.0, removed theAutomated Dependency Management & Releaseparagraph from the CI/CD & Quality Guarantees section, updated the Versioning section example tag tov2.0.0-25.7.0, and removedpeter-evans/create-pull-requestandactions/create-releasefrom the Acknowledgements section.