chore: upgrade GitHub Actions to Node 24-compatible versions

[bundolee]

Summary

• Upgrade all GitHub Actions to versions supporting Node.js 24, ahead of the June 2026 deprecation of Node.js 20 runners
• Incorporates the work from Upgrade GitHub Actions for Node 24 compatibility #326 and Upgrade GitHub Actions to latest versions #327 (rebased on current main after CI rewrite)

Changes

Action	Old	New
actions/checkout	v4	v6
actions/setup-java	v4	v5
actions/setup-python	v5	v6
actions/setup-node	v4	v6
actions/upload-artifact	v4	v7
actions/download-artifact	v4	v8
astral-sh/setup-uv	v4	v7
pnpm/action-setup	v4	v5
softprops/action-gh-release	v1	v2

Context

Per GitHub's announcement, Node 20 is being deprecated and runners will default to Node 24 starting June 2nd, 2026.

Credit to @salmanmkc for the original PRs (#326, #327).

Co-authored-by: Salman Chishti salmanmkc@users.noreply.github.com

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflow dependencies to latest versions for improved compatibility and security across release, documentation sync, and test/benchmark pipelines.

[coderabbitai]

📝 Walkthrough

Walkthrough

GitHub Actions workflow version updates across three files. Multiple actions upgraded to newer major versions, including checkout, setup tools (Java, Python, Node), artifact handling, and release publishing actions. No code logic or control flow changes.

Changes

Cohort / File(s)	Summary
GitHub Actions Version Updates .github/workflows/release.yml, .github/workflows/sync-docs.yml, .github/workflows/test-benchmark.yml	Upgraded multiple GitHub Actions to newer major versions: checkout (v4→v6), setup-java (v4→v5), setup-python (v5→v6), setup-uv (v4→v7), setup-node (v4→v6), upload-artifact (v4→v7), download-artifact (v4→v8), pnpm/action-setup (v4→v5), and softprops/action-gh-release (v1→v2).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Hop along with actions bright,
V-bumps made workflows sleek and tight,
From checkout to release we gleam,
Modernized by the latest team! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: upgrading GitHub Actions to Node 24-compatible versions, which aligns with all three modified workflow files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/upgrade-github-actions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

23-23: Pin GitHub Actions to immutable commit SHAs for supply-chain security.

This release workflow publishes artifacts to multiple registries (Maven Central, PyPI, npm, GitHub Releases). While upgrading to major versions (v6, v5, v7, v2) provides security updates, pinning to specific commit SHAs strengthens supply-chain guarantees by preventing unexpected behavior from tag updates.

Apply the following pattern to: actions/checkout, actions/setup-java, actions/setup-python, astral-sh/setup-uv, actions/setup-node, pnpm/action-setup, and softprops/action-gh-release:

Suggested pattern

-      - name: Checkout code
-        uses: actions/checkout@v6
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

Resolved SHAs:

• actions/checkout@v6 → de0fac2e4500dabe0009e67214ff5f5447ce83dd
• actions/setup-java@v5 → be666c2fcd27ec809703dec50e508c2fdc7f6654
• actions/setup-python@v6 → a309ff8b426b58ec0e2a45f0f869d46889d02405
• astral-sh/setup-uv@v7 → 37802adc94f370d6bfd71619e3f0bf239e1f3b78
• actions/setup-node@v6 → 53b83947a5a98c8d113130e565377fae1a50d02f
• pnpm/action-setup@v5 → fc06bc1257f339d1d5d8b3a19a8cae5388b55320
• softprops/action-gh-release@v2 → 153bb8e04406b158c6c84fc1615b65b24149a1fe

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml at line 23, Replace mutable GitHub Action tags
with the corresponding immutable commit SHAs for each action used in the release
workflow: update actions/checkout@v6 to
de0fac2e4500dabe0009e67214ff5f5447ce83dd, actions/setup-java@v5 to
be666c2fcd27ec809703dec50e508c2fdc7f6654, actions/setup-python@v6 to
a309ff8b426b58ec0e2a45f0f869d46889d02405, astral-sh/setup-uv@v7 to
37802adc94f370d6bfd71619e3f0bf239e1f3b78, actions/setup-node@v6 to
53b83947a5a98c8d113130e565377fae1a50d02f, pnpm/action-setup@v5 to
fc06bc1257f339d1d5d8b3a19a8cae5388b55320, and softprops/action-gh-release@v2 to
153bb8e04406b158c6c84fc1615b65b24149a1fe so the workflow uses fixed commit SHAs
instead of version tags.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/release.yml:
- Line 23: Replace mutable GitHub Action tags with the corresponding immutable
commit SHAs for each action used in the release workflow: update
actions/checkout@v6 to de0fac2e4500dabe0009e67214ff5f5447ce83dd,
actions/setup-java@v5 to be666c2fcd27ec809703dec50e508c2fdc7f6654,
actions/setup-python@v6 to a309ff8b426b58ec0e2a45f0f869d46889d02405,
astral-sh/setup-uv@v7 to 37802adc94f370d6bfd71619e3f0bf239e1f3b78,
actions/setup-node@v6 to 53b83947a5a98c8d113130e565377fae1a50d02f,
pnpm/action-setup@v5 to fc06bc1257f339d1d5d8b3a19a8cae5388b55320, and
softprops/action-gh-release@v2 to 153bb8e04406b158c6c84fc1615b65b24149a1fe so
the workflow uses fixed commit SHAs instead of version tags.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 61cccc44-a75b-485d-a3c5-4f73184cbbf1

📥 Commits

Reviewing files that changed from the base of the PR and between 0c75e48 and 8265463.

📒 Files selected for processing (3)

• .github/workflows/release.yml
• .github/workflows/sync-docs.yml
• .github/workflows/test-benchmark.yml