update CI actions

[noraj]

Hoping this could fix #852.

[jasonkarns]

The actions are all failing due to the bot's token expiring.

Though I'm still keen to bump the actions. I'd prefer we probably switch from depfu to dependabot, which will them bump our actions as part of dep updates.

Since that's not in place yet, I'm still fine to bump these actions, but would like to see what the breaking changes are that warranted the major version bumps. Can you summarize what the breaking changes are for the versions we're moving to?

[noraj]

For actions/checkout, I have bumped tons from v2 to v4, there is no breaking change. That's essentially updating the version of nodejs used on the underlying image.

For peter-evans/create-pull-request, I believe the only braking change that could impact you is

The default values for author and committer have changed.

but you are not concerned for committer since you provide a custom value and for author, it's now:

The default value for author has been changed to ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>. The change adds the ${{ github.actor_id }}+ prefix to the email address to align with GitHub's standard format for the author email address.

See https://github.com/peter-evans/create-pull-request/blob/main/docs/updating.md

As for actions/setup-node, I believe nothing impacts you:

• https://github.com/actions/setup-node/releases/tag/v4.0.0
• https://github.com/actions/setup-node/releases/tag/v3.0.0
• https://github.com/actions/setup-node/releases/tag/v2.0.0

[jasonkarns]

Awesome, thank you. I'll take a closer look tonight but this should be able to land!