chore: update actions versions, use frozen bun lockfile

[DaxServer]

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflow tooling versions for improved build reliability.
  • Enhanced dependency management with stricter lockfile enforcement to ensure consistent deployments across builds.

[coderabbitai]

Walkthrough

Two GitHub Actions workflow files updated with upgraded tooling versions and stricter dependency management. actions/checkout upgraded from v4 to v5, oven-sh/setup-bun upgraded from v1 to v2, and bun install now enforces frozen lockfile semantics.

Changes

Cohort / File(s)	Summary
GitHub Actions workflow updates ​.github/workflows/ci.yml, ​.github/workflows/publish.yml	Upgrade actions/checkout v4→v5 and oven-sh/setup-bun v1→v2 across both workflows. Add --frozen-lockfile flag to bun install command for stricter package consistency. Add trailing newline to ci.yml.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Version bumps hopping through the night,
Frozen lockfiles held on tight,
Actions checkout, setup-bun so fine,
Workflows dancing, line by line.
A trailing newline tops it all—
Dependency management stands tall! 🚀

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: update actions versions, use frozen bun lockfile" is directly related to the main changes in the pull request. It accurately captures the two primary modifications: upgrading GitHub Actions (checkout from v4 to v5 and setup-bun from v1 to v2) and adding the --frozen-lockfile flag to bun install commands. The title is concise, specific, and follows conventional commit practices with the "chore:" prefix. It provides sufficient clarity for developers scanning commit history to understand the purpose of these maintenance updates without being vague or overly broad.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 80ecb6a and 07329f4.

📒 Files selected for processing (2)

• .github/workflows/ci.yml (1 hunks)
• .github/workflows/publish.yml (2 hunks)

🔇 Additional comments (2)

.github/workflows/ci.yml (1)

14-14: Consistent version updates with publish workflow.

The CI workflow mirrors the publish workflow's action updates and frozen lockfile enforcement, which maintains consistency across both pipelines. The same verification check applies here regarding major version compatibility.

Also applies to: 17-17, 22-22

.github/workflows/publish.yml (1)

24-24: Verify GitHub Actions runner compatibility for checkout v5 upgrade.

The checkout v5 upgrade includes a breaking change: Node.js 24 runtime requires GitHub Actions Runner v2.327.1 or newer. The setup-bun v2 upgrade contains no breaking changes, and the --frozen-lockfile flag is a best practice for deterministic builds. Ensure your GitHub Actions runner environment meets the v2.327.1+ requirement (typically automatic for GitHub-hosted runners, but verify if using self-hosted runners).

Also applies to: 27-27, 38-38

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}