From 3cc66f9ae5aa200ff75aa6c5a76b9ea50ff2ff20 Mon Sep 17 00:00:00 2001
From: ChiGao <arno.ga0@outlook.com>
Date: Thu, 14 May 2026 10:54:01 +0800
Subject: [PATCH] ci(deps): bump docker/* actions to Node 24 majors (#4131)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

GitHub Actions deprecates the Node 20 runtime; older versions of every
docker/* action run on Node 20 and emit the "Node.js 20 actions are
deprecated" warning in every release / e2e / image-build run today.

Each action shipped a "Node 24 as default runtime" major:

  - docker/setup-buildx-action  v3 → v4 (2026-03-05)
  - docker/setup-qemu-action    v3 → v4
  - docker/metadata-action      v5 → v6
  - docker/login-action         v3 → v4
  - docker/build-push-action    v6 → v7

None of our usages touch the deprecated inputs removed in the bumps —
release.yml / e2e.yml call setup-buildx with no `with:` block, and
build-and-publish-image.yml only passes the universally-supported
`images` / `tags` / `registry` / `username` / `password` / `context` /
`platforms` / `push` / `labels` / `build-args` inputs. ESM internal
refactor of each action is transparent to consumers.

Ratchet-pinned bumps use the v4.0.0 commit SHA
`4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd` (release.yml + e2e.yml).
Other action references in build-and-publish-image.yml use
`# ratchet:exclude` per existing convention, so version-string bumps
suffice there.

Verified runtime hosts (`actions/runner` v2.327.1+) are already in use
on github-hosted runners as of 2026-03; no infra bump required.

Co-authored-by: 秦奇 <gary.gq@alibaba-inc.com>
---
 .github/workflows/build-and-publish-image.yml | 10 +++++-----
 .github/workflows/e2e.yml                     |  2 +-
 .github/workflows/release.yml                 |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/build-and-publish-image.yml b/.github/workflows/build-and-publish-image.yml
index 79e6aa942..4a0482b99 100644
--- a/.github/workflows/build-and-publish-image.yml
+++ b/.github/workflows/build-and-publish-image.yml
@@ -67,14 +67,14 @@ jobs:
           echo "GitHub ref: ${{ github.ref }}"
 
       - name: 'Set up QEMU'
-        uses: 'docker/setup-qemu-action@v3' # ratchet:exclude
+        uses: 'docker/setup-qemu-action@v4' # ratchet:exclude
 
       - name: 'Set up Docker Buildx'
-        uses: 'docker/setup-buildx-action@v3' # ratchet:exclude
+        uses: 'docker/setup-buildx-action@v4' # ratchet:exclude
 
       - name: 'Extract metadata (tags, labels) for Docker'
         id: 'meta'
-        uses: 'docker/metadata-action@v5' # ratchet:exclude
+        uses: 'docker/metadata-action@v6' # ratchet:exclude
         with:
           images: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}'
           tags: |
@@ -89,7 +89,7 @@ jobs:
       - name: 'Log in to the Container registry'
         if: |-
           ${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true') }}
-        uses: 'docker/login-action@v3' # ratchet:exclude
+        uses: 'docker/login-action@v4' # ratchet:exclude
         with:
           registry: '${{ env.REGISTRY }}'
           username: '${{ github.actor }}'
@@ -97,7 +97,7 @@ jobs:
 
       - name: 'Build and push Docker image'
         id: 'build-and-push'
-        uses: 'docker/build-push-action@v6' # ratchet:exclude
+        uses: 'docker/build-push-action@v7' # ratchet:exclude
         with:
           context: '.'
           platforms: 'linux/amd64,linux/arm64'
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index e15bcf9a0..56229f28d 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -58,7 +58,7 @@ jobs:
       - name: 'Set up Docker'
         if: |-
           ${{ matrix.sandbox == 'sandbox:docker' }}
-        uses: 'docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435' # ratchet:docker/setup-buildx-action@v3
+        uses: 'docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd' # ratchet:docker/setup-buildx-action@v4
 
       - name: 'Set up Podman'
         if: |-
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1f79f6ba1..59e7dac83 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -266,7 +266,7 @@ jobs:
           npm ci --no-audit --progress=false
 
       - name: 'Set up Docker'
-        uses: 'docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435' # ratchet:docker/setup-buildx-action@v3
+        uses: 'docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd' # ratchet:docker/setup-buildx-action@v4
 
       - name: 'Build Sandbox'
         env: