@luojiyin1987 luojiyin1987 commented Sep 16, 2025

Summary by CodeRabbit

  • Chores
    • Updated the production deployment workflow to use the latest version of the checkout action, aligning with current best practices and security updates. No changes to the deployment steps or logic.
    • No user-facing changes; application behavior remains the same.

coderabbitai bot commented Sep 16, 2025

Walkthrough

Updated the GitHub Actions workflow for production deployment by bumping actions/checkout from v3 to v5 in .github/workflows/deploy-oss.yml. No other steps or logic were changed.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| CI workflow version bump: .github/workflows/deploy-oss.yml | Update actions/checkout from v3 to v5; no other modifications. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

I thump my paws—a tidy hop,
Our pipeline gets a shiny prop.
From v3 to v5 we go,
The gears still whir, the builds still flow.
A carrot toast to versions new—
Deploys remain as crisp as dew.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The PR title "CI: actions/checkout v3 to v5" succinctly and accurately describes the primary change — upgrading actions/checkout in the CI workflow. It is concise, specific, and directly related to the changeset, allowing a reviewer to understand the main intent at a glance. The title avoids unnecessary noise and focuses on the most important change. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

dosubot bot commented Sep 16, 2025

Related Documentation

Checked 10 published document(s). No updates required.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/deploy-oss.yml (1)

46-53: Use key‑based SSH auth and pin host keys; avoid “password” fields for keys.

You’re passing a secret named SSH_KEY into password. Prefer private key inputs and host key pinning for both actions. Also separate SSH auth from sudo creds. (github.com)

-              with:
-                  local: ./build
-                  remote: /tmp/${{ env.BOX_NAME }}
-                  host: ${{ secrets.HOST }}
-                  username: ${{ secrets.USER }}
-                  password: ${{ secrets.SSH_KEY }}
+              with:
+                  local: ./build
+                  remote: /tmp/${{ env.BOX_NAME }}
+                  host: ${{ secrets.HOST }}
+                  username: ${{ secrets.USER }}
+                  privateKey: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+                  passphrase: ${{ secrets.DEPLOY_SSH_PASSPHRASE }}
-              with:
-                  host: ${{ secrets.HOST }}
-                  username: ${{ secrets.USER }}
-                  password: ${{ secrets.SSH_KEY }}
+              with:
+                  host: ${{ secrets.HOST }}
+                  username: ${{ secrets.USER }}
+                  key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+                  passphrase: ${{ secrets.DEPLOY_SSH_PASSPHRASE }}
+                  fingerprint: ${{ secrets.HOST_SSH_FINGERPRINT }}
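
Review bot: the first `with:` block (the upload step with `local`/`remote`) gains `privateKey` and `passphrase` but no host-key input, while only the second block gets `fingerprint: ${{ secrets.HOST_SSH_FINGERPRINT }}`. The comment asks for host key pinning on both actions, so the upload step should get the equivalent input if that action offers one, or the gap should be stated. The three secrets introduced here (`DEPLOY_SSH_PRIVATE_KEY`, `DEPLOY_SSH_PASSPHRASE`, `HOST_SSH_FINGERPRINT`) must exist in the repository before this is applied, and the old `SSH_KEY` secret should be retired afterwards so two copies of the credential do not linger.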

Optional: keep a separate secret for sudo (don’t reuse SSH creds) and consider avoiding sudo by granting the deploy user minimal required privileges.

Also applies to: 55-60

🧹 Nitpick comments (2)
.github/workflows/deploy-oss.yml (2)

25-26: Update Docker setup actions to v3 (current recommended).

Both actions have v3 as the current line; upgrade for maintained features and fixes.

-            - uses: docker/setup-qemu-action@v2
-            - uses: docker/setup-buildx-action@v2
+            - uses: docker/setup-qemu-action@v3
+            - uses: docker/setup-buildx-action@v3
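
Review bot: both `uses:` lines move from one mutable major tag (`@v2`) to another (`@v3`), which in a workflow that deploys to production leaves the step's contents under the control of whoever can move that tag. Consider pinning each action to a full commit SHA and keeping the version as a trailing comment.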

Refs show v3 in examples/readme. (github.com)


29-29: Consider bumping docker/build-push-action to v6.

v6 is the current stable and aligns with newer cache/back-end requirements and docs. This future‑proofs builds (e.g., GA cache API v2 era). (docs.docker.com)

-              uses: docker/build-push-action@v3
+              uses: docker/build-push-action@v6
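
Review bot: `@v3` to `@v6` skips three major versions, and the step's `with:` inputs are not visible in this hunk. Check those inputs against the release notes of each intervening major before applying, since a renamed or removed input would only surface when the production build runs.
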
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 90444ce and c0e9604.

📒 Files selected for processing (1)
  • .github/workflows/deploy-oss.yml (1 hunks)
🔇 Additional comments (1)
.github/workflows/deploy-oss.yml (1)

23-23: Good bump to actions/checkout v5; verify runner compatibility if self‑hosted.

V5 is live and uses the Node 24 runtime; it requires Actions Runner ≥ v2.327.1. On GitHub‑hosted runners you’re fine; for any self‑hosted, confirm runner version. (github.com)
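
A minimal lint for the two SSH findings in the review above (a key-named secret passed as `password`, and a remote-login step with no `fingerprint` input), added here as an illustration and not part of the PR or of CodeRabbit's output. The sample workflow and its action names are constructed; the input names are the ones shown in the suggested diff, and treating `fingerprint` as the pinning input for every action is an assumption.

```python
import re

# Constructed sample shaped like the two deploy steps in the review.
# The action names are hypothetical placeholders, not the project's.
SAMPLE = """\
steps:
    - name: Upload build
      uses: example/sftp-upload@v1
      with:
          local: ./build
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USER }}
          password: ${{ secrets.SSH_KEY }}
    - name: Run remote deploy
      uses: example/ssh-run@v1
      with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USER }}
          key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
"""

STEP_START = re.compile(r"^\s*-\s+(?:name|uses):")
SECRET_INPUT = re.compile(r"^\s+(\w+):\s*\$\{\{\s*secrets\.(\w+)\s*\}\}")

def split_steps(text):
    """Return one dict per step: its first line number and secret-fed inputs."""
    steps = []
    for n, line in enumerate(text.splitlines(), 1):
        if STEP_START.match(line):
            steps.append({"line": n, "inputs": {}})
        m = SECRET_INPUT.match(line)
        if steps and m:
            steps[-1]["inputs"][m.group(1)] = m.group(2)
    return steps

def audit(text):
    """Flag remote-login steps that misuse `password` or skip host pinning."""
    findings = []
    for step in split_steps(text):
        inputs = step["inputs"]
        if "host" not in inputs:
            continue  # no remote host, so not an SSH/SFTP step
        secret = inputs.get("password", "")
        if "KEY" in secret.upper():
            findings.append((step["line"], "key-in-password", secret))
        if "fingerprint" not in inputs:  # assumed name of the pinning input
            findings.append((step["line"], "no-host-fingerprint", inputs["host"]))
    return findings
```

`audit(SAMPLE)` returns a list of `(step_line, rule, secret_name)` tuples; an empty list means neither pattern was found.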
