chore(deps): update docker/build-push-action action to v7

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
docker/build-push-action	action	major	v6 → v7

---

Release Notes

docker/build-push-action (docker/build-push-action)

v7.1.0

Compare Source

• Git context query format support by @​crazy-max in #​1505
• Bump @​docker/actions-toolkit from 0.79.0 to 0.87.0 by @​crazy-max in #​1505
• Bump brace-expansion from 1.1.12 to 1.1.13 in #​1500
• Bump fast-xml-parser from 5.4.2 to 5.5.7 in #​1489
• Bump flatted from 3.3.3 to 3.4.2 in #​1491
• Bump glob from 10.3.12 to 10.5.0 in #​1490
• Bump handlebars from 4.7.8 to 4.7.9 in #​1497
• Bump lodash from 4.17.23 to 4.18.1 in #​1510
• Bump picomatch from 4.0.3 to 4.0.4 in #​1496
• Bump undici from 6.23.0 to 6.24.1 in #​1486
• Bump vite from 7.3.1 to 7.3.2 in #​1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

v7.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​1470
• Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @​crazy-max in #​1473
• Remove legacy export-build tool support for build summary by @​crazy-max in #​1474
• Switch to ESM and update config/test wiring by @​crazy-max in #​1466
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​1454
• Bump @​docker/actions-toolkit from 0.62.1 to 0.79.0 in #​1453 #​1472 #​1479
• Bump minimatch from 3.1.2 to 3.1.5 in #​1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v7

Compare Source

v6.19.2

Compare Source

• Preserve port in GIT_AUTH_TOKEN host by @​crazy-max in #​1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Compare Source

• Derive GIT_AUTH_TOKEN host from GitHub server URL by @​crazy-max in #​1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Compare Source

• Scope default git auth token to github.com by @​crazy-max in #​1451
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​1396
• Bump form-data from 2.5.1 to 2.5.5 in #​1391
• Bump js-yaml from 3.14.1 to 3.14.2 in #​1429
• Bump lodash from 4.17.21 to 4.17.23 in #​1446
• Bump tmp from 0.2.3 to 0.2.4 in #​1398
• Bump undici from 5.28.4 to 5.29.0 in #​1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

v6.18.0

Compare Source

• Bump @​docker/actions-toolkit from 0.61.0 to 0.62.1 in #​1381

[!NOTE]
Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Compare Source

• Bump @​docker/actions-toolkit from 0.59.0 to 0.61.0 by @​crazy-max in #​1364

[!NOTE]
Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

Compare Source

• Handle no default attestations env var by @​crazy-max in #​1343
• Only print secret keys in build summary output by @​crazy-max in #​1353
• Bump @​docker/actions-toolkit from 0.56.0 to 0.59.0 in #​1352

Full Changelog: docker/build-push-action@v6.15.0...v6.16.0

v6.15.0

Compare Source

• Bump @​docker/actions-toolkit from 0.55.0 to 0.56.0 in #​1330

Full Changelog: docker/build-push-action@v6.14.0...v6.15.0

v6.14.0

Compare Source

• Bump @​docker/actions-toolkit from 0.53.0 to 0.55.0 in #​1324

Full Changelog: docker/build-push-action@v6.13.0...v6.14.0

v6.13.0

Compare Source

• Bump @​docker/actions-toolkit from 0.51.0 to 0.53.0 in #​1308

Full Changelog: docker/build-push-action@v6.12.0...v6.13.0

v6.12.0

Compare Source

• Bump @​docker/actions-toolkit from 0.49.0 to 0.51.0 in #​1300

Full Changelog: docker/build-push-action@v6.11.0...v6.12.0

v6.11.0

Compare Source

• Handlebar defaultContext support for build-contexts input by @​crazy-max in #​1283
• Bump @​docker/actions-toolkit from 0.46.0 to 0.49.0 in #​1281

Full Changelog: docker/build-push-action@v6.10.0...v6.11.0

v6.10.0

Compare Source

• Add call input to set method for evaluating build by @​crazy-max in #​1265
• Bump @​actions/core from 1.10.1 to 1.11.1 in #​1238
• Bump @​docker/actions-toolkit from 0.39.0 to 0.46.0 in #​1268
• Bump cross-spawn from 7.0.3 to 7.0.6 in #​1261

Full Changelog: docker/build-push-action@v6.9.0...v6.10.0

v6.9.0

Compare Source

• Bump @​docker/actions-toolkit from 0.38.0 to 0.39.0 in #​1234
• Bump path-to-regexp from 6.2.2 to 6.3.0 in #​1232

Full Changelog: docker/build-push-action@v6.8.0...v6.9.0

v6.8.0

Compare Source

• Bump @​docker/actions-toolkit from 0.37.1 to 0.38.0 in #​1230

Full Changelog: docker/build-push-action@v6.7.0...v6.8.0

v6.7.0

Compare Source

• Print info message for build summary support checks by @​crazy-max in #​1211

Full Changelog: docker/build-push-action@v6.6.1...v6.7.0

v6.6.1

Compare Source

• Bump @​docker/actions-toolkit from 0.37.0 to 0.37.1 in #​1205

Full Changelog: docker/build-push-action@v6.6.0...v6.6.1

v6.6.0

Compare Source

• Generate GitHub annotations for build checks by @​crazy-max in #​1197
• Bump @​docker/actions-toolkit from 0.35.0 to 0.37.0 in #​1196 #​1198

Full Changelog: docker/build-push-action@v6.5.0...v6.6.0

v6.5.0

Compare Source

• Bump @​docker/actions-toolkit from 0.33.0 to 0.35.0 in #​1186 #​1191

Full Changelog: docker/build-push-action@v6.4.1...v6.5.0

v6.4.1

Compare Source

• revert "Set repository and ghtoken attributes for GitHub Actions cache backend" by @​crazy-max in #​1183

Full Changelog: docker/build-push-action@v6.4.0...v6.4.1

v6.4.0

Compare Source

• Set repository and ghtoken attributes for GitHub Actions cache backend by @​crazy-max in #​1133
• Bump @​docker/actions-toolkit from 0.31.0 to 0.33.0 in #​1179

Full Changelog: docker/build-push-action@v6.3.0...v6.4.0

v6.3.0

Compare Source

• DOCKER_BUILD_RECORD_UPLOAD environment variable to enable/disable build record upload by @​crazy-max in #​1172
• DOCKER_BUILD_NO_SUMMARY has been deprecated. Set DOCKER_BUILD_SUMMARY to false instead by @​crazy-max in #​1170 #​1173
• Bump @​docker/actions-toolkit from 0.28.0 to 0.31.0 in #​1171 #​1159 #​1169

Full Changelog: docker/build-push-action@v6.2.0...v6.3.0

v6.2.0

Compare Source

• Use default retention days for build export artifact by @​crazy-max in #​1153
• Bump @​docker/actions-toolkit from 0.27.0 to 0.28.0 in #​1158

Full Changelog: docker/build-push-action@v6.1.0...v6.2.0

v6.1.0

Compare Source

• Bump @​docker/actions-toolkit from 0.26.2 to 0.27.0 in #​1149

Full Changelog: docker/build-push-action@v6.0.2...v6.1.0

v6.0.2

Compare Source

• Bump @​docker/actions-toolkit from 0.26.1 to 0.26.2 in #​1147

Full Changelog: docker/build-push-action@v6.0.1...v6.0.2

v6.0.1

Compare Source

• Bump @​docker/actions-toolkit from 0.26.0 to 0.26.1 in #​1142

Full Changelog: docker/build-push-action@v6.0.0...v6.0.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4f1f3e77-3c0f-4d29-b8c3-62beb977b5ef

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The Docker build-push-action used in the GitHub Actions workflow was updated from v6 to v7. No other configuration, inputs, or execution flow were modified.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/build-docker.yml	Updated Docker build-push-action from v6 to v7; all other workflow parameters (context, Dockerfile path, platforms, tags, caching) remain unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 twitches whiskers joyfully
From six to seven, the Docker ship sails,
A tiny bump, yet the pipeline prevails,
No breaking changes, just smoother trails,
One version leap—success never fails! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: updating the docker/build-push-action GitHub Action to version 7, which aligns perfectly with the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/docker-build-push-action-7.x

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-docker.yml:
- Line 30: Replace the floating tag docker/build-push-action@v7 with the
specific commit
docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 in the
workflow to pin the action; then validate the workflow and downstream steps for
v7.0.0 breaking changes — ensure the runner supports Node 24 (GitHub Actions
Runner v2.327.1+), remove or replace uses of DOCKER_BUILD_NO_SUMMARY and
DOCKER_BUILD_EXPORT_RETENTION_DAYS, and update any logic relying on the legacy
export-build tool so the build-push usage (the step referencing
docker/build-push-action) remains compatible.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 78ca36d7-4b39-4b12-9777-0b2e6500276f

📥 Commits

Reviewing files that changed from the base of the PR and between e2f1adc and 2a525ba.

📒 Files selected for processing (1)

• .github/workflows/build-docker.yml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

What is the recommended immutable commit SHA for docker/build-push-action v7, and are there any breaking changes from v6 to v7 in its official release notes?

💡 Result:

• Recommended immutable commit SHA to pin for docker/build-push-action@v7 (v7.0.0): d08e5c354a6adb9ed34480a06d141179aa583294 (the commit the v7.0.0 release/tag points to). (github.com)

  • Example: uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 (github.com)

• Breaking changes noted in the official v7.0.0 release notes (vs v6):

  1. Node 24 is the default runtime, and it requires GitHub Actions Runner v2.327.1+ (workflows on older runners may fail). (github.com)
  2. Removed deprecated env vars: DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS (workflows still using them will break / no longer have effect). (github.com)
  3. Removed legacy export-build tool support for build summary (could break setups relying on that legacy path). (github.com)

Citations:

• 1: docker/build-push-action@d08e5c3
• 2: docker/build-push-action@d08e5c3
• 3: https://github.com/docker/build-push-action/releases
• 4: https://github.com/docker/build-push-action/releases
• 5: https://github.com/docker/build-push-action/releases

---

Pin the action to the v7 commit SHA and verify breaking change compatibility.

Replace docker/build-push-action@v7 with docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 to improve CI supply-chain integrity.

Additionally, v7.0.0 includes breaking changes that require validation:

• Node 24 is now the default runtime (requires GitHub Actions Runner v2.327.1 or later)
• Removed deprecated environment variables: DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS
• Removed legacy export-build tool support

Ensure your workflow and any downstream dependencies are compatible with these changes.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-docker.yml at line 30, Replace the floating tag
docker/build-push-action@v7 with the specific commit
docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 in the
workflow to pin the action; then validate the workflow and downstream steps for
v7.0.0 breaking changes — ensure the runner supports Node 24 (GitHub Actions
Runner v2.327.1+), remove or replace uses of DOCKER_BUILD_NO_SUMMARY and
DOCKER_BUILD_EXPORT_RETENTION_DAYS, and update any logic relying on the legacy
export-build tool so the build-push usage (the step referencing
docker/build-push-action) remains compatible.

[coderabbitai]

Only repository collaborators, contributors, or members can run CodeRabbit commands.