bump GitHub Actions versions off the deprecated Node 20 runtime #219

Merged: phanan merged 2 commits into master from bump-github-actions on May 3, 2026
@phanan (Member) commented May 3, 2026

The release workflow's run output is currently noisy with Node 20 deprecation warnings — GitHub is removing Node 20 from runners by September 2026 and forcing the default to Node 24 in June 2026. All the action versions we're pinned to ship Node 20 binaries.

Bumping every action to its current major:

| action | from | to |
|---|---|---|
| actions/checkout | v3 | v4 |
| docker/setup-qemu-action | v2.1.0 | v3 |
| docker/setup-buildx-action | v2.2.1 | v3 |
| docker/login-action | v2.1.0 | v3 |
| docker/build-push-action | v3.2.0 | v6 |
| e1himself/goss-installation-action | v1.0.4 | v1.2.1 |

Composite test action

build-push-action@v6 strictly requires setup-buildx-action to have run first. The test composite action wasn't setting it up (the original v3.2.0 had a softer fallback). Two adjustments:

  • Added docker/setup-buildx-action@v3 step before the build.
  • Set load: true on the build-push-action call so the resulting image is available to the local Docker daemon — without this, buildx builds but doesn't load, and the subsequent dgoss run phanan/koel:test would fail with "image not found."

Test plan

  • CI on this PR (the Continuous integration workflow runs on PRs) exercises the test action — green confirms the buildx + load: true wiring works end-to-end.
  • After merge, the next release tag should produce a clean run with no deprecation warnings.

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated GitHub Actions dependencies across CI/CD workflows to latest versions
    • Upgraded Docker build infrastructure and multi-architecture support tooling
    • Enhanced Docker image build configuration for improved performance
    • Updated testing framework infrastructure with latest compatible versions
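
A version bump like this one is easy to leave half-done when other workflow files keep the old pins. The following is an added example, not code from this PR or the koel project: a check that scans workflow text for `uses:` references and compares them with the "to" column of the table above. The names `MINIMUMS`, `audit` and the sample workflow are assumptions made for illustration.

```python
import re

# Minimums: the "to" column of the table in the PR description.
MINIMUMS = {
    "actions/checkout": (4,),
    "docker/setup-qemu-action": (3,),
    "docker/setup-buildx-action": (3,),
    "docker/login-action": (3,),
    "docker/build-push-action": (6,),
    "e1himself/goss-installation-action": (1, 2, 1),
}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)
VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)$")

# Constructed sample workflow, mixing old and new pins (not the project's file).
SAMPLE = """\
steps:
  - uses: actions/checkout@v3
  - uses: docker/setup-buildx-action@v3
  - name: Build
    uses: docker/build-push-action@v3.2.0
  - uses: e1himself/goss-installation-action@v1.2.1
  - uses: docker/login-action@main
  - uses: ./.github/actions/test
"""

def audit(workflow_text):
    """Return (action, ref, status) per tracked ref: ok, outdated or unverifiable."""
    findings = []
    for target in USES_RE.findall(workflow_text):
        if target.startswith(("./", "docker://")) or "@" not in target:
            continue  # local composite action or container image: no version to compare
        name, ref = target.rsplit("@", 1)
        action = "/".join(name.split("/")[:2])  # drop any sub-path after owner/repo
        minimum = MINIMUMS.get(action)
        if minimum is None:
            continue  # action not covered by the table
        match = VERSION_RE.match(ref)
        if not match:
            findings.append((action, ref, "unverifiable"))  # branch name or commit SHA
            continue
        version = tuple(int(part) for part in match.group(1).split("."))
        # Compare only the components the ref states: "v3" is treated as "any 3.x".
        outdated = version[:len(minimum)] < minimum[:len(version)]
        findings.append((action, ref, "outdated" if outdated else "ok"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Refs reported as unverifiable (a branch or a commit SHA) need a manual look, since the version they resolve to cannot be read from the workflow file.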

Action versions in .github/workflows/{ci,release}.yml and the
.github/actions/test composite action were on majors that GitHub is
deprecating (Node 20 runtime, default-removed September 2026). Bump
to current majors:

  actions/checkout v3 -> v4
  docker/setup-qemu-action v2.1.0 -> v3
  docker/setup-buildx-action v2.2.1 -> v3
  docker/login-action v2.1.0 -> v3
  docker/build-push-action v3.2.0 -> v6
  e1himself/goss-installation-action v1.0.4 -> v1.2.1

The composite test action now sets up Docker Buildx explicitly
before build-push-action v6 (which requires it), and passes
load: true so the built image is available to the local Docker
daemon for the subsequent dgoss run.

@coderabbitai coderabbitai Bot commented May 3, 2026

📥 Commits

Reviewing files that changed from the base of the PR and between c6b7c35 and 7bbb750.

📒 Files selected for processing (3)
  • .github/actions/test/action.yml
  • .github/workflows/ci.yml
  • .github/workflows/release.yml

Walkthrough

The PR updates GitHub Actions workflow and test action versions. Specifically, it upgrades actions/checkout from v3 to v4, bumps Docker tooling actions (buildx, QEMU, login) to v3, and upgrades docker/build-push-action from v3.2.0 to v6, while also updating the goss installation action and adding Docker Buildx setup to the test action.

Changes

GitHub Actions Dependency Updates

| Layer / File(s) | Summary |
|---|---|
| Checkout Action Upgrade: .github/workflows/ci.yml, .github/workflows/release.yml | actions/checkout updated from @v3 to @v4 in test and deploy jobs. |
| Docker Buildx & Setup: .github/actions/test/action.yml, .github/workflows/release.yml | docker/setup-buildx-action added to test action and upgraded to @v3 in release workflow; docker/setup-qemu-action upgraded to @v3 in release deploy job. |
| Docker Login & Build Actions: .github/workflows/release.yml | docker/login-action upgraded to @v3; docker/build-push-action upgraded from @v3.2.0 to @v6 in both test and release workflows. |
| Test Action Configuration: .github/actions/test/action.yml | Goss installation action updated to @v1.2.1; load: true added to Docker build step while retaining push: false. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: updating GitHub Actions to versions that don't use the deprecated Node 20 runtime, which is clearly the primary objective of this changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
.github/workflows/release.yml (1)

27-51: LGTM – action versions and step ordering are correct.

QEMU → Buildx → Login → Build-and-push is the correct sequencing for multi-platform pushes. push: true with no load: true is the right pattern for registry distribution.

One minor heads-up: the current Docker docs already reference docker/setup-qemu-action@v4, docker/setup-buildx-action@v4, docker/login-action@v4, and docker/build-push-action@v7, though the v3/v6 combination fully resolves the Node 20 deprecation that motivates this PR.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 27 - 51, Update the GitHub
Actions step versions to the newer releases referenced in the Docker docs: bump
docker/setup-qemu-action@v3 → `@v4`, docker/setup-buildx-action@v3 → `@v4`,
docker/login-action@v3 → `@v4`, and docker/build-push-action@v6 → `@v7` while
preserving the existing step order (Set up QEMU → Set up Docker Build → Login to
DockerHub → Build and push the production image) and keeping push: true (no
load: true) and the platforms/tags configuration unchanged; this ensures
compatibility with current Docker recommendations without changing the workflow
logic.

📥 Commits

Reviewing files that changed from the base of the PR and between 2b611fd and c6b7c35.

📒 Files selected for processing (3)
  • .github/actions/test/action.yml
  • .github/workflows/ci.yml
  • .github/workflows/release.yml

Per CodeRabbit review: v3 (qemu/buildx/login) and v6 (build-push)
were only the previous-most-recent majors; the current latest are
v4 across the docker/ actions, v7 for build-push-action, v6 for
actions/checkout, and v1.3.0 for goss-installation-action. Bump
everything in release.yml, ci.yml, and the composite test action.

@phanan phanan merged commit 0437074 into master May 3, 2026 (3 checks passed)
@phanan phanan deleted the bump-github-actions branch May 3, 2026 20:05