Update GitHub actions checkout and setup-python

[AyanSinhaMahapatra]

On tests, release scripts and other GitHub actions we see the following warning message now:

Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16: actions/checkout@v2, actions/setup-python@v2. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

From https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/

Node 12 has been out of support since [April 2022](https://github.com/nodejs/Release/#end-of-life-releases), as a result we have started the deprecation process of Node 12 for GitHub Actions. We plan to migrate all actions to run on Node16 by Summer 2023.
...
What you need to do
For Actions users: Update your workflows with latest versions of the actions which runs on Node 16 ([Using versions for Actions](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-versioned-actions))

For us this is:

• https://github.com/actions/setup-python
• https://github.com/actions/checkout/

v3 of https://github.com/actions/checkout/ seems to be upgraded to latest node 16: https://github.com/actions/checkout/compare/v2.4.2...v3.0.2#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R17-R18

We might want to look at the CHANGELOG too for possible breaking changes too potentially.

I've tested this on my fork of scancode-toolkit with https://github.com/nexB/scancode-toolkit/commit/1448e661ebe5269de666eb069318f1b8bd16cba4: and the doc and release script tests pass allright, here are some links to the actions before and after this update

Before:

• https://github.com/AyanSinhaMahapatra/scancode-toolkit/actions/runs/5050474344
• https://github.com/AyanSinhaMahapatra/scancode-toolkit/actions/runs/5050474343
• https://github.com/AyanSinhaMahapatra/scancode-toolkit/actions/runs/5050474341

After:

• https://github.com/AyanSinhaMahapatra/scancode-toolkit/actions/runs/5050684894
• https://github.com/AyanSinhaMahapatra/scancode-toolkit/actions/runs/5050684893
• https://github.com/AyanSinhaMahapatra/scancode-toolkit/actions/runs/5050684892

There are other github actions we use btw (which we use the latest versions of):

• actions/download-artifact@v3
• actions/upload-artifact@v3
• softprops/action-gh-release@v1

[AyanSinhaMahapatra]

We also have this for pypa/gh-action-pypi-publish@master which needs to be updated to pypa/gh-action-pypi-publish@release/v1:

 You are using "pypa/gh-action-pypi-publish@master". The "master" branch of this project has been sunset and will not receive any updates, not even security bug fixes. Please, make sure to use a supported version. If you want to pin to v1 major version, use "pypa/gh-action-pypi-publish@release/v1". If you feel adventurous, you may opt to use use "pypa/gh-action-pypi-publish@unstable/v1" instead. A more general recommendation is to pin to exact tags or commit shas.

[pombredanne]

I created the new elf-inspector repo and I am still getting the issue:

Annotations
2 warnings
Create PyPI release: # >> PyPA publish to PyPI GHA: UNSUPPORTED GITHUB ACTION VERSION <<#L1
 You are using "pypa/gh-action-pypi-publish@master". The "master" branch of this project has been sunset and will not receive any updates, not even security bug fixes. Please, make sure to use a supported version. If you want to pin to v1 major version, use "pypa/gh-action-pypi-publish@release/v1". If you feel adventurous, you may opt to use use "pypa/gh-action-pypi-publish@unstable/v1" instead. A more general recommendation is to pin to exact tags or commit shas.

Has the the GH action been updated in the skeletton?

[AyanSinhaMahapatra]

Yeah we still have this here: https://github.com/nexB/skeleton/blob/main/.github/workflows/pypi-release.yml#L81