chore: update Docker build action to v6 and enable SBOM generation #44

Merged
twangodev merged 1 commit into main from chore/docker
Nov 7, 2025

twangodev (Owner) commented Nov 7, 2025

Summary by CodeRabbit

  • Chores
    • Enhanced Docker build pipeline with improved caching mechanisms and security metadata generation for more efficient and secure deployments.

Copilot AI review requested due to automatic review settings November 7, 2025 23:44
@twangodev twangodev enabled auto-merge (rebase) November 7, 2025 23:44
coderabbitai bot (Contributor) commented Nov 7, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Updated GitHub Actions workflow configuration to upgrade the Docker build-push action from version 5 to version 6, adding provenance and SBOM generation capabilities, plus enhanced GitHub Actions cache configuration for improved build layer caching.

Changes

Cohort / File(s): Docker build-push action upgrade (.github/workflows/rust.yml)
Summary: Upgraded docker/build-push-action from v5 to v6; added provenance metadata generation (mode=max), SBOM generation (sbom: true), and enhanced caching with cache-to directive (type=gha,mode=max)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

  • Single file, isolated configuration updates
  • Action version bump with official parameter additions
  • No logic changes or conditional flow modifications
  • Straightforward verification of new parameters against action documentation

Poem

🐰 With Docker builds now swift and secure,
Provenance and SBOMs to endure,
Cache layers stack high and fast,
Each build better than the last! 📦✨

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f46e6ed and ffa1d23.

📒 Files selected for processing (1)
  • .github/workflows/rust.yml (1 hunks)

@twangodev twangodev merged commit 304d868 into main Nov 7, 2025
15 of 16 checks passed
@twangodev twangodev deleted the chore/docker branch November 7, 2025 23:44
Copilot AI (Contributor) left a comment

Pull Request Overview

This PR upgrades the Docker build and push workflow to v6 and enhances supply chain security by adding provenance attestation and SBOM (Software Bill of Materials) generation.

  • Updates docker/build-push-action from v5 to v6
  • Adds provenance attestation with maximum detail mode
  • Enables SBOM generation for improved supply chain visibility

context: .
platforms: linux/amd64,linux/arm64
push: true
provenance: mode=max
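
Review bot: `provenance: mode=max`, directly under `push: true`, publishes the full build record alongside the image, and in max mode that record includes the values of build arguments. Before keeping this setting, confirm the Dockerfile receives no credentials through build args; if it does, move them to build secrets or fall back to `mode=min`. A one-line comment above `provenance:` saying why max mode was chosen would also help the next reader.
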
Copilot AI, Nov 7, 2025

The provenance parameter syntax appears incorrect. For docker/build-push-action@v6, the provenance parameter should be either a boolean (true/false) or a string without the mode= prefix. If you want to enable provenance with maximum detail, use provenance: true or specify the builder option. The mode=max syntax is used for other parameters like cache-to, not for provenance.

Suggested change
provenance: mode=max
provenance: true

codecov bot commented Nov 7, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
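
A check a consumer of the pushed image could run on the attestations this pull request enables, as an added example that is not part of the pull request or the repository's code. It relies on BuildKit storing each attestation as an extra manifest in the image index, linked to its platform image by the `vnd.docker.reference.digest` annotation; the function names, digests and sample data are constructed for illustration.

```python
SBOM = "https://spdx.dev/Document"
PROVENANCE_PREFIX = "https://slsa.dev/provenance/"

def attestation_coverage(index, att_manifests):
    """Return {platform: {"sbom": bool, "provenance": bool}} for an OCI image index."""
    images, attached = {}, {}
    for m in index.get("manifests", []):
        ann = m.get("annotations", {})
        if ann.get("vnd.docker.reference.type") == "attestation-manifest":
            # BuildKit links an attestation manifest to its image manifest by digest.
            subject = ann.get("vnd.docker.reference.digest")
            for layer in att_manifests.get(m["digest"], {}).get("layers", []):
                ptype = layer.get("annotations", {}).get("in-toto.io/predicate-type")
                if ptype:
                    attached.setdefault(subject, set()).add(ptype)
        else:
            p = m.get("platform", {})
            images[m["digest"]] = f"{p.get('os')}/{p.get('architecture')}"
    return {
        plat: {"sbom": SBOM in attached.get(d, set()),
               "provenance": any(t.startswith(PROVENANCE_PREFIX) for t in attached.get(d, set()))}
        for d, plat in images.items()
    }

def missing(report):  # "platform:kind" entries that have no attestation
    return sorted(f"{p}:{k}" for p, kinds in report.items() for k, ok in kinds.items() if not ok)

def _att(image_digest, att_digest):  # constructed index entry for an attestation manifest
    return {"digest": att_digest, "platform": {"os": "unknown", "architecture": "unknown"},
            "annotations": {"vnd.docker.reference.type": "attestation-manifest",
                            "vnd.docker.reference.digest": image_digest}}
def _layer(ptype):  # constructed in-toto layer descriptor
    return {"mediaType": "application/vnd.in-toto+json",
            "annotations": {"in-toto.io/predicate-type": ptype}}

# Constructed sample (not pulled from a registry): arm64 deliberately lacks its SBOM layer.
INDEX = {"manifests": [
    {"digest": "sha256:img-amd64", "platform": {"os": "linux", "architecture": "amd64"}},
    {"digest": "sha256:img-arm64", "platform": {"os": "linux", "architecture": "arm64"}},
    _att("sha256:img-amd64", "sha256:att-amd64"),
    _att("sha256:img-arm64", "sha256:att-arm64"),
]}
ATT_MANIFESTS = {
    "sha256:att-amd64": {"layers": [_layer(SBOM), _layer(PROVENANCE_PREFIX + "v0.2")]},
    "sha256:att-arm64": {"layers": [_layer(PROVENANCE_PREFIX + "v0.2")]},
}
REPORT = attestation_coverage(INDEX, ATT_MANIFESTS)
```

The real index and attestation manifests can be fetched as JSON with `docker buildx imagetools inspect --raw` and passed in place of the constructed sample.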
