chore(deps): update docker/login-action action to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
docker/login-action	action	major	v3 → v4

---

Release Notes

docker/login-action (docker/login-action)

v4.1.0

Compare Source

• Fix scoped Docker Hub cleanup path when registry is omitted by @​crazy-max in #​945
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1020.0 in #​930
• Bump @​docker/actions-toolkit from 0.77.0 to 0.86.0 in #​932 #​936
• Bump brace-expansion from 1.1.12 to 1.1.13 in #​952
• Bump fast-xml-parser from 5.3.4 to 5.3.6 in #​942
• Bump flatted from 3.3.3 to 3.4.2 in #​944
• Bump glob from 10.3.12 to 10.5.0 in #​940
• Bump handlebars from 4.7.8 to 4.7.9 in #​949
• Bump http-proxy-agent and https-proxy-agent to 8.0.0 in #​937
• Bump lodash from 4.17.23 to 4.18.1 in #​958
• Bump minimatch from 3.1.2 to 3.1.5 in #​941
• Bump picomatch from 4.0.3 to 4.0.4 in #​948
• Bump undici from 6.23.0 to 6.24.1 in #​938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​929
• Switch to ESM and update config/test wiring by @​crazy-max in #​927
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​919
• Bump @​aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in #​909 #​920
• Bump @​aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in #​909 #​920
• Bump @​docker/actions-toolkit from 0.63.0 to 0.77.0 in #​910 #​928
• Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 in #​921
• Bump js-yaml from 4.1.0 to 4.1.1 in #​901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v4

Compare Source

v3.7.0

Compare Source

• Add scope input to set scopes for the authentication token by @​crazy-max in #​912
• Add support for AWS European Sovereign Cloud ECR by @​dphi in #​914
• Ensure passwords are redacted with registry-auth input by @​crazy-max in #​911
• build(deps): bump lodash from 4.17.21 to 4.17.23 in #​915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Compare Source

• Add registry-auth input for raw authentication to registries by @​crazy-max in #​887
• Bump @​aws-sdk/client-ecr to 3.890.0 in #​882 #​890
• Bump @​aws-sdk/client-ecr-public to 3.890.0 in #​882 #​890
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in #​883
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​880
• Bump undici from 5.28.4 to 5.29.0 in #​879
• Bump tmp from 0.2.3 to 0.2.4 in #​881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Compare Source

• Support dual-stack endpoints for AWS ECR by @​Spacefish @​crazy-max in #​874 #​876
• Bump @​aws-sdk/client-ecr to 3.859.0 in #​860 #​878
• Bump @​aws-sdk/client-ecr-public to 3.859.0 in #​860 #​878
• Bump @​docker/actions-toolkit from 0.57.0 to 0.62.1 in #​870
• Bump form-data from 2.5.1 to 2.5.5 in #​875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Compare Source

• Bump @​actions/core from 1.10.1 to 1.11.1 in #​791
• Bump @​aws-sdk/client-ecr to 3.766.0 in #​789 #​856
• Bump @​aws-sdk/client-ecr-public to 3.758.0 in #​789 #​856
• Bump @​docker/actions-toolkit from 0.35.0 to 0.57.0 in #​801 #​806 #​858
• Bump cross-spawn from 7.0.3 to 7.0.6 in #​814
• Bump https-proxy-agent from 7.0.5 to 7.0.6 in #​823
• Bump path-to-regexp from 6.2.2 to 6.3.0 in #​777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

v3.3.0

Compare Source

• Bump @​docker/actions-toolkit from 0.24.0 to 0.35.0 in #​754
• Bump https-proxy-agent from 7.0.4 to 7.0.5 in #​741
• Bump braces from 3.0.2 to 3.0.3 in #​730

Full Changelog: docker/login-action@v3.2.0...v3.3.0

v3.2.0

Compare Source

• Improve missing username/password by @​Frankkkkk in #​706
• Bump @​docker/actions-toolkit from 0.18.0 to 0.24.0 in #​715 #​721
• Bump aws-sdk-dependencies to 3.583.0 in #​720
• Bump undici from 5.28.3 to 5.28.4 in #​694

Full Changelog: docker/login-action@v3.1.0...v3.2.0

v3.1.0

Compare Source

• Bump @​babel/traverse from 7.17.3 to 7.23.2 in #​618
• Bump @​docker/actions-toolkit from 0.12.0 to 0.18.0 in #​616 #​636 #​682
• Bump aws-sdk dependencies to 3.529.1 in #​624 #​685
• Bump http-proxy-agent to 7.0.2 in #​676
• Bump https-proxy-agent to 7.0.4 in #​676
• Bump undici from 5.26.5 to 5.28.3 in #​677

Full Changelog: docker/login-action@v3.0.0...v3.1.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6d31e8b0-a22f-4cb7-8db7-f181f04a3fed

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The GitHub Actions workflow for Docker builds was updated to use version 4 of the DockerHub login action, replacing version 3. The authentication credentials remain unchanged.

Changes

Cohort / File(s)	Summary
CI/CD Configuration .github/workflows/build-docker.yml	Updated docker/login-action from v3 to v4 in the DockerHub login workflow step.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A little bump from three to four,
The Docker login, like before!
The version climbs with gentle grace,
While credentials hold their place.
Hopping forward, smooth and light—
Our workflows dance, forever bright! 🐇✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: updating the docker/login-action GitHub Action from v3 to v4.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/docker-login-action-4.x

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/build-docker.yml (1)

25-28: Consider pinning to SHA for immutability.

For enhanced security and reproducibility, consider pinning to a specific commit SHA instead of a mutable tag. This prevents potential supply chain attacks if the tag is moved.

Example:

uses: docker/login-action@<SHA> # v4

Note: You can find the SHA for v4 from the action's repository releases page.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-docker.yml around lines 25 - 28, Replace the mutable
tag used for the GitHub Action "docker/login-action@v4" with its specific commit
SHA to ensure immutability; locate the "uses: docker/login-action@v4" entry and
update it to "docker/login-action@<SHA>" using the commit SHA from the action's
v4 release (verify on the action's releases page) so the workflow pins to a
fixed commit rather than a floating tag.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/build-docker.yml:
- Around line 25-28: Replace the mutable tag used for the GitHub Action
"docker/login-action@v4" with its specific commit SHA to ensure immutability;
locate the "uses: docker/login-action@v4" entry and update it to
"docker/login-action@<SHA>" using the commit SHA from the action's v4 release
(verify on the action's releases page) so the workflow pins to a fixed commit
rather than a floating tag.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7b913c72-e560-4d5e-9e8c-17eacad3b6a5

📥 Commits

Reviewing files that changed from the base of the PR and between e2f1adc and 777f813.

📒 Files selected for processing (1)

• .github/workflows/build-docker.yml

[coderabbitai]

Only repository collaborators, contributors, or members can run CodeRabbit commands.