ci: update actions for node 24

[poyrazK]

Summary

• update GitHub Actions used by CI and E2E workflows to Node 24-compatible versions
• replace the incompatible golangci-lint-action upgrade with a direct golangci-lint install/run while keeping the repo on v1.64.8
• opt workflows into Node 24 execution to remove the runner deprecation warnings

Testing

• existing PR CI previously passed before these workflow-only commits
• this branch now contains only workflow changes in .github/workflows/ci.yml and .github/workflows/e2e.yml

Summary by CodeRabbit

• Chores
  • Updated continuous integration and end-to-end testing pipeline infrastructure, including dependency versions and workflow environment configurations to improve build system compatibility and reliability.

[coderabbitai]

📝 Walkthrough

Walkthrough

GitHub Actions workflows upgraded to force JavaScript actions to Node 24, and Docker action versions bumped (v3→v4 for setup-buildx, v6→v7 for build-push, v3→v4 for login). CI lint step refactored to use direct shell-based golangci-lint installation instead of the dedicated action.

Changes

Cohort / File(s)	Summary
CI/CD Workflow Updates .github/workflows/ci.yml, .github/workflows/e2e.yml	Added FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true environment variable to both workflows. Upgraded Docker actions: setup-buildx-action v3→v4, build-push-action v6→v7, and login-action v3→v4 in CI workflow.
Lint Step Refactoring .github/workflows/ci.yml	Replaced golangci/golangci-lint-action@v6 with inline go install and golangci-lint run command execution for more direct control over linting.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Our actions now dance with Node twenty-four,
Docker versions upgraded to the core,
Lint runs direct, no middleware in sight,
The CI/CD pipeline shines ever bright! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: update actions for node 24' directly and accurately reflects the main change: updating GitHub Actions and opting into Node 24 execution across CI/E2E workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/k8s-disaster-recovery

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates GitHub Actions workflows to be compatible with (and explicitly opt into) Node 24 execution, while keeping golangci-lint pinned at v1.64.8 by installing/running it directly instead of using the action.

Changes:

• Opt workflows into Node 24 execution via FORCE_JAVASCRIPT_ACTIONS_TO_NODE24.
• Replace golangci-lint-action usage with a go install ...@v1.64.8 + direct golangci-lint run.
• Bump Docker-related GitHub Actions used in CI/E2E (Buildx + build/push, and login in CI).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/ci.yml	Node 24 env opt-in, switch golangci-lint to direct install/run, update Docker action versions in build/deploy jobs
.github/workflows/e2e.yml	Node 24 env opt-in, update Docker action versions used to build the API image

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The lint step installs golangci-lint via go install ...@v1.64.8, but then invokes it via "$(go env GOPATH)/bin/golangci-lint". This can break if GOBIN is set (binary won’t land in GOPATH/bin) or if GOPATH contains multiple entries. Prefer invoking golangci-lint from PATH (actions/setup-go typically adds the install dir) or resolve the install location via go env GOBIN (with a GOPATH/bin fallback).

Suggested change

	"$(go env GOPATH)/bin/golangci-lint" run ./...
	GOBIN_DIR="$(go env GOBIN)"
	if [ -z "$GOBIN_DIR" ]; then
	GOBIN_DIR="$(go env GOPATH)/bin"
	fi
	"$GOBIN_DIR/golangci-lint" run ./...

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/ci.yml (1)

347-350: Consider pinning these upgraded Docker actions to immutable commit SHAs.

Using major tags is convenient, but SHA pinning improves supply-chain integrity for CI/CD workflows.

Suggested hardening pattern

- uses: docker/setup-buildx-action@v4
+ uses: docker/setup-buildx-action@<resolved-commit-sha>

- uses: docker/login-action@v4
+ uses: docker/login-action@<resolved-commit-sha>

- uses: docker/build-push-action@v7
+ uses: docker/build-push-action@<resolved-commit-sha>

Also applies to: 379-380, 388-389, 395-396, 418-419, 426-427, 433-434

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 347 - 350, Replace loose major-version
tags for GitHub Actions with immutable commit SHAs: locate usages of
docker/setup-buildx-action@v4 and docker/build-push-action@v7 (and the other
occurrences noted around the file) and update each "uses:" entry to reference
the specific repository@<commit-sha> for the tested commit; ensure you pick the
verified commit SHA for the action version you intend to use and update all
matching lines (the instances at the shown diff and the additional occurrences)
so the workflow uses SHA-pinned refs instead of major tags.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 347-350: Replace loose major-version tags for GitHub Actions with
immutable commit SHAs: locate usages of docker/setup-buildx-action@v4 and
docker/build-push-action@v7 (and the other occurrences noted around the file)
and update each "uses:" entry to reference the specific repository@<commit-sha>
for the tested commit; ensure you pick the verified commit SHA for the action
version you intend to use and update all matching lines (the instances at the
shown diff and the additional occurrences) so the workflow uses SHA-pinned refs
instead of major tags.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 06df6093-5fe2-4657-9892-488507f81410

📥 Commits

Reviewing files that changed from the base of the PR and between 9291b40 and d631c1f.

📒 Files selected for processing (2)

• .github/workflows/ci.yml
• .github/workflows/e2e.yml