chore(ci): upgrade checkout to v5

[rejected-l]

GitHub-hosted runners now use Node 24, so actions/checkout@v5 is required. Minimum runner version v2.327.1. Workflows only updated—no functional changes.

See: https://github.com/actions/checkout/releases/tag/v5.0.0

Summary by CodeRabbit

• Chores
  • Upgraded CI pipelines (build, test, publish) to use the latest GitHub Checkout action, modernizing our automation stack.
  • Improves security, stability, and performance of builds and releases.
  • No functional changes to the product or APIs; release cadence and test execution remain the same. No action required from users.

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Walkthrough

Updates GitHub Actions workflows to use actions/checkout@v5 in build, publish, and test pipelines. No other steps or control flows are changed.

Changes

Cohort / File(s)	Summary of Changes
CI: Checkout bump (v4→v5) .github/workflows/build.yaml, .github/workflows/test.yaml	Update uses: actions/checkout from v4 to v5; all other steps unchanged.
CI: Checkout bump (v3→v5) .github/workflows/publish.yaml	Update uses: actions/checkout from v3 to v5; all other steps unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

I hop through YAML, light and swift,
Nudging checkout for a tiny lift.
From v3, v4 to shiny v5,
Our pipelines squeak and hum alive.
Carrot-shaped commits, CI delight—
Ship-hop-hooray, it’s running right! 🥕🐇

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (6)

.github/workflows/build.yaml (2)

41-41: YAML/config typo: stray backtick in cache-to.

The trailing backtick will break the input and likely cause the build-push step to fail parsing the cache configuration.

Apply this fix:

-          cache-to: type=gha,mode=max`
+          cache-to: type=gha,mode=max

---

29-33: docker/login-action@v1 runs on deprecated Node 12 — upgrade required.

v1 is no longer supported on modern runners. Use v3 and prefer github.actor for username.

Apply this upgrade:

-      - name: 'Login to GitHub Container Registry'
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: reclaimprotocol
-          password: ${{secrets.GITHUB_TOKEN}}
+      - name: 'Login to GitHub Container Registry'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yaml (1)

24-24: setup-node v3 uses older runtime — bump to v4 for Node 20.

Keeps consistency with test workflow and avoids deprecated Node versions in actions.

-      - name: Setup Node.js
-        uses: actions/setup-node@v3
+      - name: Setup Node.js
+        uses: actions/setup-node@v4

.github/workflows/test.yaml (3)

16-21: matrix.node-version is referenced but no matrix is defined.

This will resolve to empty and fail the setup-node step. Add a strategy.matrix or pin a version.

Option A — add a matrix (recommended):

 jobs:
   test:
     runs-on: ubuntu-latest
     timeout-minutes: 20
     if: "!contains(github.event.head_commit.message, 'docs') && !contains(github.event.head_commit.message, 'wip')"
+    strategy:
+      matrix:
+        node-version: [22]
 
     steps:
       - uses: actions/checkout@v5
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache: npm

Option B — pin a single version:

-          node-version: ${{ matrix.node-version }}
+          node-version: 22

---

21-25: Duplicate caching: npm cache plus node_modules cache.

Using setup-node’s cache: npm together with caching node_modules is redundant and can slow builds or cause stale installs. Prefer npm cache only.

Remove the explicit node_modules cache:

-      - uses: actions/cache@v4
-        with:
-          path: '**/node_modules'
-          key: ${{runner.os}}-modules-${{hashFiles('**/package-lock.json')}}

---

25-27: Use npm ci for reproducible, faster CI installs.

npm ci is purpose-built for CI and respects the lockfile strictly.

-      - name: Install packages
-        run: npm i
+      - name: Install packages
+        run: npm ci

🧹 Nitpick comments (2)

.github/workflows/build.yaml (1)

36-36: Consider upgrading build-push action to latest maintained major.

v6 is current and brings fixes/features; also built on Node 20.

-      - name: Build & Push Image
-        uses: docker/build-push-action@v5
+      - name: Build & Push Image
+        uses: docker/build-push-action@v6

.github/workflows/publish.yaml (1)

20-21: Unnecessary GH_TOKEN env on checkout step.

actions/checkout uses the built-in GITHUB_TOKEN automatically; exporting GH_TOKEN here adds no value.

-        env:
-          GH_TOKEN: ${{ github.token }}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 18571a4 and aff6de7.

📒 Files selected for processing (3)

• .github/workflows/build.yaml (1 hunks)
• .github/workflows/publish.yaml (1 hunks)
• .github/workflows/test.yaml (1 hunks)

🔇 Additional comments (3)

.github/workflows/build.yaml (1)

23-23: Checkout upgraded to v5 — good call.

This aligns with GitHub-hosted runners moving to Node 24 and the min runner version requirement.

.github/workflows/publish.yaml (1)

19-19: Checkout upgraded to v5 — looks good.

.github/workflows/test.yaml (1)

15-15: Checkout upgraded to v5 — good.

[coderabbitai]

🛠️ Refactor suggestion

Upgrade Buildx setup action to Node 20-compatible major.

docker/setup-buildx-action@v2 runs on older Node. v3 is recommended and maintained.

-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	uses: docker/setup-buildx-action@v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

🧰 Tools

🪛 actionlint (1.7.7)

26-26: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents

.github/workflows/build.yaml around line 26: the workflow uses
docker/setup-buildx-action@v2 which relies on an older Node version; update the
action reference to the Node-20-compatible major by changing it to
docker/setup-buildx-action@v3, then run the workflow to verify no breaking
changes in inputs/outputs (adjust any renamed parameters per the v3 docs) and
pin to a specific v3.x if you want reproducible behavior.