build: update checkout action to v5

[rejected-l]

Bumps checkout to v5 for future-proofing against Node 24 runner updates. Requires runner v2.327.1+. Workflows compile the same.

More info: https://github.com/actions/checkout/releases/tag/v5.0.0

Summary by CodeRabbit

• Chores
  • Upgraded the checkout action across all CI workflows to the latest major version for improved reliability, performance, and security.
  • Standardized the upgrade across build, test, lint, integration, and container pipelines for consistent behavior.
  • Enhances compatibility with GitHub Actions updates and reduces maintenance overhead.
  • No changes to product features or user-facing behavior; builds and releases continue to function as before.

[coderabbitai]

Walkthrough

All modified GitHub Actions workflows update the checkout action from actions/checkout@v4 to actions/checkout@v5 across various jobs/steps. Some commented examples were updated accordingly. No other steps, logic, or configurations were changed.

Changes

Cohort / File(s)	Summary of changes
GitHub Actions: checkout v5 bump .github/workflows/bridge_history_api.yml, .github/workflows/bump_version.yml, .github/workflows/common.yml, .github/workflows/coordinator.yml, .github/workflows/database.yml, .github/workflows/docker.yml, .github/workflows/integration.yml, .github/workflows/intermediate-docker.yml, .github/workflows/rollup.yml	Replace actions/checkout@v4 with actions/checkout@v5 across relevant jobs/steps; update related commented lines; no other modifications.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

I hopped through workflows, line by line,
Nudged checkout to v5—so fine.
No cogs were moved, no gears askew,
Just fresher carrots in the CI stew.
Thump-thump! The pipelines hum and thrive,
A happy hare with version five. 🥕✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (8)

.github/workflows/docker.yml (8)

63-63: Same note as above for self-hosted runners.

Ensure the runner group is on the required version.

---

109-109: Same note as above for self-hosted runners.

actions/checkout@v5 requires updated runner binaries.

---

155-155: Same note as above for self-hosted runners.

Confirm runner group version compliance.

---

201-201: Same note as above for self-hosted runners.

Runner version must meet v5 requirements.

---

247-247: Same note as above for self-hosted runners.

Please verify the runner group’s minimum version.

---

293-293: Same note as above for self-hosted runners.

v5 compatibility depends on runner version.

---

339-339: Same note as above for self-hosted runners.

Double-check runner fleet upgrade status.

---

384-384: Same note as above for self-hosted runners.

All jobs in this workflow should be covered by the upgrade verification.

🧹 Nitpick comments (4)

.github/workflows/coordinator.yml (1)

80-80: Commented example also updated to v5

Keeping commented blocks in sync avoids future copy/paste regressions. Good catch.

If the commented docker-build block is intentionally disabled long-term, consider removing it or linking to a canonical example to reduce maintenance overhead.

.github/workflows/rollup.yml (1)

39-39: Checkout v5 upgrade LGTM; no breaking changes expected on ubuntu-latest.

Using actions/checkout@v5 is compatible with GitHub-hosted ubuntu-latest runners and aligns with the Node 24 runner updates goal.

Optionally harden supply chain by pinning actions to a specific commit SHA (GitHub security best practice) and annotating the major version in a comment.

.github/workflows/common.yml (1)

40-40: Checkout@v5 upgrade looks good.

GitHub-hosted ubuntu-latest runners meet the minimum version; no breaking changes expected.

Consider pinning actions to a commit SHA to harden against supply-chain risks.

.github/workflows/docker.yml (1)

17-17: Verify self-hosted runner version meets checkout v5 minimum.

This workflow runs on a self-hosted runner group (scroll-reth-runner-group). actions/checkout@v5 requires a sufficiently recent GitHub Actions Runner (the PR notes v2.327.1+). Please ensure all runners in this group are upgraded before merging to avoid step failures.

Optional: Pin actions to commit SHAs for supply-chain hardening across this workflow.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1f2b397 and f3666bc.

📒 Files selected for processing (9)

• .github/workflows/bridge_history_api.yml (3 hunks)
• .github/workflows/bump_version.yml (1 hunks)
• .github/workflows/common.yml (3 hunks)
• .github/workflows/coordinator.yml (4 hunks)
• .github/workflows/database.yml (3 hunks)
• .github/workflows/docker.yml (9 hunks)
• .github/workflows/integration.yml (1 hunks)
• .github/workflows/intermediate-docker.yml (1 hunks)
• .github/workflows/rollup.yml (4 hunks)

🔇 Additional comments (16)

.github/workflows/coordinator.yml (3)

44-44: Checkout v5 update is correct

No functional changes otherwise; the step will continue to behave the same.

---

59-59: Second checkout upgrade to v5 — consistent across jobs

Consistent with the PR objective; no issues spotted.

---

100-100: Tests job uses checkout v5 — OK

No additional adjustments required here.

.github/workflows/database.yml (3)

37-37: Checkout updated to v5 — OK

No behavior changes expected for default usage.

---

52-52: goimports-lint job aligned to checkout v5

Consistent with other jobs; looks good.

---

77-77: Tests job aligned to checkout v5

All database workflow jobs consistently migrated. Good.

.github/workflows/intermediate-docker.yml (1)

77-77: Verify self-hosted runner versions for checkout@v5

The GitHub CLI check returned a 403, so automatic validation couldn’t confirm runner versions. Before merging, please manually ensure every self-hosted runner in scroll-reth-runner-group is running Actions Runner ≥ 2.327.1.

• File: .github/workflows/intermediate-docker.yml
• Line: 77 (uses: actions/checkout@v5)

.github/workflows/bump_version.yml (1)

19-19: Checkout updated to v5 — OK

Default usage; no additional inputs required. Note: this job also installs Node 16 for project scripts, which is independent of the action runtime used by checkout v5.

.github/workflows/rollup.yml (3)

63-63: Consistent upgrade to actions/checkout@v5.

Change is correct and consistent with the PR objective.

---

88-88: Upgrade confirmed; safe on GitHub-hosted runners.

This step also runs on ubuntu-latest; no additional changes needed.

---

120-120: Nice touch keeping commented example in sync.

Prevents future drift if the block is re-enabled.

.github/workflows/bridge_history_api.yml (3)

37-37: Checkout bumped to v5 as intended.

No other step changes; ubuntu-latest satisfies runner requirements for v5.

---

51-51: LGTM: actions/checkout@v5.

Consistent with the rest of the repo-wide upgrade.

---

70-70: LGTM: v5 applied to goimports-lint job.

No further action needed.

.github/workflows/common.yml (2)

59-59: Consistent v5 usage.

Matches the PR scope; no issues spotted.

---

84-84: LGTM on tests job.

Upgrade is correct and complete here as well.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Checkout upgraded to v5 — looks good; confirm no remaining v4 references and runner compatibility

• For GitHub-hosted ubuntu-latest, the Actions runner version requirement for checkout v5 is satisfied automatically.
• Recommend scanning the repo to ensure no lingering actions/checkout@v4 references remain.

Run this to verify coverage across the repo:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Occurrences of actions/checkout@v4:"
rg -n --hidden --glob '!.git' $'uses: *actions/checkout@v4' || echo "None 🎉"

echo
echo "All occurrences of actions/checkout usage (sanity check):"
rg -n --hidden --glob '!.git' $'uses: *actions/checkout@'

Length of output: 2443

---

Ensure consistent Checkout version across workflows

Our scan confirms there are no lingering actions/checkout@v4 references—great! However, there is one remaining older version:

• .github/workflows/docker-coordinator-api-arm64.yml:21 uses actions/checkout@v2

Please update this to actions/checkout@v5 to match the rest of your workflows and leverage the latest fixes and features.

🤖 Prompt for AI Agents

In .github/workflows/docker-coordinator-api-arm64.yml around line 21, the
workflow uses actions/checkout@v2 which is inconsistent with the rest of the
repo; update that line to actions/checkout@v5 so all workflows use the same,
current checkout action version.