chore(deps): update docker/build-push-action action to v7#151
chore(deps): update docker/build-push-action action to v7#151renovate[bot] wants to merge 1 commit intomainfrom
Conversation
renovate
bot
force-pushed
the
renovate/docker-build-push-action-7.x
branch
from
f1db5ce to
9cb697c
Compare
renovate
bot
force-pushed
the
renovate/docker-build-push-action-7.x
branch
from
9cb697c to
2a525ba
Compare
📝 WalkthroughWalkthroughThe Docker build-push-action used in the GitHub Actions workflow was updated from v6 to v7. No other configuration, inputs, or execution flow were modified. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/build-docker.yml:
- Line 30: Replace the floating tag docker/build-push-action@v7 with the
specific commit
docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 in the
workflow to pin the action; then validate the workflow and downstream steps for
v7.0.0 breaking changes — ensure the runner supports Node 24 (GitHub Actions
Runner v2.327.1+), remove or replace uses of DOCKER_BUILD_NO_SUMMARY and
DOCKER_BUILD_EXPORT_RETENTION_DAYS, and update any logic relying on the legacy
export-build tool so the build-push usage (the step referencing
docker/build-push-action) remains compatible.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 78ca36d7-4b39-4b12-9777-0b2e6500276f
📒 Files selected for processing (1)
.github/workflows/build-docker.yml
| password: ${{ secrets.DOCKER_PASSWORD }} | ||
| - name: Build and push | ||
| uses: docker/build-push-action@v6 | ||
| uses: docker/build-push-action@v7 |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What is the recommended immutable commit SHA for docker/build-push-action v7, and are there any breaking changes from v6 to v7 in its official release notes?
💡 Result:
-
Recommended immutable commit SHA to pin for
docker/build-push-action@v7(v7.0.0):d08e5c354a6adb9ed34480a06d141179aa583294(the commit thev7.0.0release/tag points to). (github.com)- Example:
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294(github.com)
- Example:
-
Breaking changes noted in the official v7.0.0 release notes (vs v6):
- Node 24 is the default runtime, and it requires GitHub Actions Runner
v2.327.1+ (workflows on older runners may fail). (github.com) - Removed deprecated env vars:
DOCKER_BUILD_NO_SUMMARYandDOCKER_BUILD_EXPORT_RETENTION_DAYS(workflows still using them will break / no longer have effect). (github.com) - Removed legacy
export-buildtool support for build summary (could break setups relying on that legacy path). (github.com)
- Node 24 is the default runtime, and it requires GitHub Actions Runner
Citations:
- 1: docker/build-push-action@d08e5c3
- 2: docker/build-push-action@d08e5c3
- 3: https://github.com/docker/build-push-action/releases
- 4: https://github.com/docker/build-push-action/releases
- 5: https://github.com/docker/build-push-action/releases
Pin the action to the v7 commit SHA and verify breaking change compatibility.
Replace docker/build-push-action@v7 with docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 to improve CI supply-chain integrity.
Additionally, v7.0.0 includes breaking changes that require validation:
- Node 24 is now the default runtime (requires GitHub Actions Runner v2.327.1 or later)
- Removed deprecated environment variables:
DOCKER_BUILD_NO_SUMMARYandDOCKER_BUILD_EXPORT_RETENTION_DAYS - Removed legacy
export-buildtool support
Ensure your workflow and any downstream dependencies are compatible with these changes.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/build-docker.yml at line 30, Replace the floating tag
docker/build-push-action@v7 with the specific commit
docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 in the
workflow to pin the action; then validate the workflow and downstream steps for
v7.0.0 breaking changes — ensure the runner supports Node 24 (GitHub Actions
Runner v2.327.1+), remove or replace uses of DOCKER_BUILD_NO_SUMMARY and
DOCKER_BUILD_EXPORT_RETENTION_DAYS, and update any logic relying on the legacy
export-build tool so the build-push usage (the step referencing
docker/build-push-action) remains compatible.
This PR contains the following updates:
v6→v7Release Notes
docker/build-push-action (docker/build-push-action)
v7Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.