chore: update workflows to use ubuntu-24.04 (#7241)

Change the runner environment for multiple GitHub Actions workflows from `ubuntu-latest` to `ubuntu-24.04` to ensure compatibility with the latest features and security updates. 

Additionally, adjust comments in the SDK spec test script for clarity and consistency.

Author: skyrpex

.github/workflows/build.yml

@@ -28,7 +28,7 @@ jobs:
   build:
     name: "Build"
     timeout-minutes: 30
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     outputs:
       version: ${{ fromJson(steps.changelog.outputs.data).newVersion }}
       last-version: ${{ fromJson(steps.changelog.outputs.data).lastVersion }}
@@ -44,7 +44,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v3
+        uses: pnpm/action-setup@v4
         with:
           version: ${{ env.PNPM_VERSION }}
 
@@ -69,6 +69,11 @@ jobs:
       - name: Install Dependencies
         run: pnpm install --frozen-lockfile
 
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_wrapper: false
+
       - name: Derive appropriate SHAs for base and head
         id: shas
         uses: nrwl/nx-set-shas@v3
@@ -97,13 +102,13 @@ jobs:
   test:
     name: Test
     timeout-minutes: 30
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v3
+        uses: pnpm/action-setup@v4
         with:
           version: ${{ env.PNPM_VERSION }}
 
@@ -128,9 +133,16 @@ jobs:
       - name: Install Playwright
         working-directory: wing-console/console/app
         run: |
-          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
           pnpm exec playwright install --with-deps
 
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_wrapper: false
+
+      - name: Verify Terraform installation
+        run: terraform -v
+
       - name: Test
         run: pnpm test:ci
 
@@ -148,7 +160,7 @@ jobs:
   benchmark:
     name: Benchmark
     if: needs.build.outputs.bench-changed == 'true' || contains(github.event.pull_request.labels.*.name, '🧪 pr/e2e-full')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs:
       - build
     steps:
@@ -162,7 +174,7 @@ jobs:
           path: dist
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v3
+        uses: pnpm/action-setup@v4
         with:
           version: ${{ env.PNPM_VERSION }}
 
@@ -224,7 +236,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v3
+        uses: pnpm/action-setup@v4
         with:
           version: ${{ env.PNPM_VERSION }}
 
@@ -277,7 +289,7 @@ jobs:
 
   console-preview:
     name: "Console Preview"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs:
       - build
     env:
@@ -324,7 +336,7 @@ jobs:
 
   quality-gate:
     name: Quality Gate
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     if: ${{ !cancelled() }}
     needs:
       - build
@@ -362,7 +374,7 @@ jobs:
     needs:
       - quality-gate
       - build
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Download Build Artifacts
         uses: actions/download-artifact@v4

.github/workflows/canary.yml

@@ -1,7 +1,7 @@
 name: Canary Testing
 on:
   schedule:
-    - cron: '0 * * * *'
+    - cron: "0 * * * *"
   workflow_dispatch: {}
   release:
     types:
@@ -16,7 +16,7 @@ jobs:
       fail-fast: true
       matrix:
         runner:
-          - ubuntu-latest
+          - ubuntu-24.04
           - windows-latest
           - macos-latest
         node:

.github/workflows/delete-console-preview.yml

@@ -13,7 +13,7 @@ env:
 jobs:
   destroy:
     name: "Destroy"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !startsWith(github.head_ref, 'mergify/merge-queue/') }}
     steps:
       - name: Install flyctl

.github/workflows/issue-backlogger.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   add-to-backlog:
     name: "Add issue to backlog"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/[email protected]
         with:

.github/workflows/matrix-update.yml

@@ -8,13 +8,13 @@ env:
 
 jobs:
   update:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v3
+        uses: pnpm/action-setup@v4
         with:
           version: ${{ env.PNPM_VERSION }}
 

.github/workflows/mutation.yml

@@ -20,7 +20,7 @@ permissions:
 
 jobs:
   mutate:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'failure' && (!contains(fromJSON('["main", "dev"]'), github.event.workflow_run.head_branch) || github.event.workflow_run.head_repository.fork)
     steps:
       - name: Download artifacts
@@ -50,7 +50,7 @@ jobs:
             It requires private repo read/write permissions." >> $GITHUB_STEP_SUMMARY
             exit 1
           fi
-      
+
       - name: Find associated pull request
         id: pr
         uses: actions/github-script@v7

.github/workflows/new-pull-request-comment.yml

@@ -11,7 +11,7 @@ permissions:
 
 jobs:
   comment:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     if: ${{ !startsWith(github.head_ref, 'mergify/merge-queue/') }}
     steps:
       - name: Comment on new PR

.github/workflows/periodic-azure-clean.yml

@@ -10,7 +10,7 @@ env:
 
 jobs:
   azure-cleanup:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: test if is maintainer
         uses: tspascoal/get-user-teams-membership@v3

.github/workflows/pull-request-lint.yml

@@ -11,7 +11,7 @@ on:
 jobs:
   validate:
     name: Validate PR title
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     if: ${{ !startsWith(github.head_ref, 'mergify/merge-queue/') }}
     steps:
       - uses: amannn/[email protected]

.github/workflows/release-commenter.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   release:
     name: "Post release comments"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: apexskier/github-release-commenter@v1
         with:

.github/workflows/sdk-spec-test.yml

@@ -51,7 +51,7 @@ env:
 
 jobs:
   setup:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: test if is maintainer
         uses: tspascoal/get-user-teams-membership@v3
@@ -75,7 +75,8 @@ jobs:
       - name: Get list of directories and save them to the output
         id: setdirs
         shell: bash
-        run: | # TODO: skipping std, math and external folders, when https://github.com/winglang/wing/issues/3168 is resolve- we'll skip only the external folder.
+        run:
+          | # TODO: skipping std, math and external folders, when https://github.com/winglang/wing/issues/3168 is resolve- we'll skip only the external folder.
           dirs=$(ls -d tests/sdk_tests/*/ | sed 's/\/$//' | grep -v "external\|std\|math" | jq -R -s -c 'split("\n")[:-1]')
           processed_dirs=$(echo "{ \"directory\": $dirs }" | jq -c '[ .directory[] | {directory: ., name: (split("/") | last)}]')
           wrapped_dirs=$(echo $processed_dirs | jq -c .)
@@ -99,7 +100,7 @@ jobs:
 
   test:
     needs: setup
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       max-parallel: 10
@@ -116,7 +117,7 @@ jobs:
 
       - name: Setup pnpm
         if: ${{ env.MANUAL ==  'true' }}
-        uses: pnpm/action-setup@v3
+        uses: pnpm/action-setup@v4
         with:
           version: ${{ env.PNPM_VERSION }}
 

.github/workflows/update-docsite.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   update-docsite:
     name: Dispatch docsite update workflow event
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - run: |
           curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" https://api.github.com/repos/winglang/docsite/actions/workflows/41365537/dispatches -d '{"ref":"main"}'

docs/docs/08-guides/02-ci-cd.md

@@ -1,14 +1,22 @@
 ---
 title: CI/CD
 id: ci-cd
-keywords: [CICD, Continuous Integration, Continuous Deployment, Deployment, GitHub Actions]
+keywords:
+  [
+    CICD,
+    Continuous Integration,
+    Continuous Deployment,
+    Deployment,
+    GitHub Actions,
+  ]
 ---
 
 Wing supports compilation to various targets including `tf-aws`, `tf-azure`, and `tf-gcp`. After compilation, Wing does not impose a specific deployment method for your infrastructure. Its Terraform target compatibility ensures that nearly all existing services can be utilized for deployment, offering considerable flexibility to choose the approach best aligned with your organizational needs or preferences.
 
 This guide will detail the complete deployment lifecycle of a Wing application using GitHub Actions and the `tf-aws` target.
 
 ## Setup
+
 ### Managing Access for GitHub Actions and AWS
 
 It's generally discouraged to use static, long-lived IAM user credentials due to associated security risks.
@@ -53,16 +61,16 @@ concurrency:
 
 permissions:
   id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
+  contents: read # This is required for actions/checkout
 
 env:
-  AWS_REGION: 'us-east-1'
-  TF_BACKEND_BUCKET: 'my-terraform-state-bucket-with-a-globally-unique-name'
-  TF_BACKEND_BUCKET_REGION: 'us-east-1'
+  AWS_REGION: "us-east-1"
+  TF_BACKEND_BUCKET: "my-terraform-state-bucket-with-a-globally-unique-name"
+  TF_BACKEND_BUCKET_REGION: "us-east-1"
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
@@ -76,7 +84,7 @@ jobs:
         uses: winglang/wing-github-action/actions/deploy@main
         with:
           entry: main.w
-          target: 'tf-aws'
+          target: "tf-aws"
 ```
 
 ### Pull Request Diffs
@@ -88,17 +96,17 @@ on: [pull_request]
 
 permissions:
   id-token: write # This is required for requesting the JWT
-  contents: read  # This is required for actions/checkout
+  contents: read # This is required for actions/checkout
   pull-requests: write # This is required for commenting on PRs
 
 env:
-  AWS_REGION: 'us-east-1'
-  TF_BACKEND_BUCKET: 'my-terraform-state-bucket-with-a-globally-unique-name'
-  TF_BACKEND_BUCKET_REGION: 'us-east-1'
+  AWS_REGION: "us-east-1"
+  TF_BACKEND_BUCKET: "my-terraform-state-bucket-with-a-globally-unique-name"
+  TF_BACKEND_BUCKET_REGION: "us-east-1"
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
@@ -112,9 +120,10 @@ jobs:
         uses: winglang/wing-github-action/actions/pull-request-diff@main
         with:
           entry: main.w
-          target: 'tf-aws'
+          target: "tf-aws"
           github-token: ${{ secrets.GITHUB_TOKEN }}
 ```
+
 ## Custom GitHub Actions Workflow for AWS
 
 Most users will find using the Wing GitHub Action within GitHub Actions as the simplest and most effective method. However, if you have specific requirements such as additional build steps, you may need to create your own custom GitHub Actions Workflow.
@@ -191,7 +200,7 @@ env:
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4