Upgrade GitHub Actions to latest versions

[salmanmkc]

Summary

Upgrade GitHub Actions to their latest versions for improved features, bug fixes, and security updates.

Changes

Action	Old Version(s)	New Version	Release	Files
oven-sh/setup-bun	v1	v2	Release	build-desktop.yml
superfly/fly-pr-review-apps	1.3.0	1.6.0	Release	deploy-preview.yml

Why upgrade?

Keeping GitHub Actions up to date ensures:

• Security: Latest security patches and fixes
• Features: Access to new functionality and improvements
• Compatibility: Better support for current GitHub features
• Performance: Optimizations and efficiency improvements

⚠️ Breaking Changes

• oven-sh/setup-bun (v1 → v2): Major version upgrade — review the release notes for breaking changes

Security Note

Actions that were previously pinned to commit SHAs remain pinned to SHAs (updated to the latest release SHA) to maintain the security benefits of immutable references.

Testing

These changes only affect CI/CD workflow configurations and should not impact application functionality. The workflows should be tested by running them on a branch before merging.

---

Summary by cubic

Upgrade CI workflows to the latest Actions: oven-sh/setup-bun v2 and superfly/fly-pr-review-apps 1.6.0 for security and reliability improvements. Changes are limited to build-desktop.yml and deploy-preview.yml with no workflow logic changes.

^{Written for commit 968769b. Summary will update on new commits.}

Summary by CodeRabbit

• Chores
  • Updated build and deployment infrastructure tooling to newer versions for improved stability and performance in CI/CD pipelines.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request updates two GitHub workflow action versions: oven-sh/setup-bun from v1 to v2 in the build-desktop workflow, and the Fly.io deployment action from 1.3.0 to 1.6.0 in the deploy-preview workflow. No functional or control flow changes are introduced.

Changes

Cohort / File(s)	Summary
Build Action Version Update .github/workflows/build-desktop.yml	Updated oven-sh/setup-bun action from v1 to v2 across macOS and Linux build jobs.
Deployment Action Version Update .github/workflows/deploy-preview.yml	Updated Fly.io PR reviewApp action from version 1.3.0 to 1.6.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A bun setup springs from v1 to v2,
While Fly.io soars to 1.6, tried and true!
These workflows hum with versions so fresh,
Automation dances, robust and blessed! 🚀

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: upgrading GitHub Actions to their latest versions, which matches the changeset.
Description check	✅ Passed	The description is comprehensive and well-structured, exceeding template requirements with detailed change tables, rationale, breaking change warnings, and security notes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 2 files

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/deploy-preview.yml:
- Line 100: The workflow references a non-existent action version; update the
action reference "superfly/fly-pr-review-apps@1.6.0" to a valid published tag
(e.g., change to "superfly/fly-pr-review-apps@1.5.0" or
"superfly/fly-pr-review-apps@latest") in the deploy-preview workflow so the step
using superfly/fly-pr-review-apps resolves correctly.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8a81289 and 968769b.

📒 Files selected for processing (2)

• .github/workflows/build-desktop.yml
• .github/workflows/deploy-preview.yml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

superfly/fly-pr-review-apps action 1.6.0 inputs required breaking changes

💡 Result:

• There is no superfly/fly-pr-review-apps@1.6.0 release/tag in the upstream repo. The newest published tag shown is 1.5.0 (Feb 27, 2025), plus a moving latest tag pointing at the same commit. [1]

Required inputs (v1.5.0)

• No with: inputs are required by the action definition. All inputs are optional. [2]
• Required secret/environment: you must provide FLY_API_TOKEN (typically via workflow env:). The README documents this as required. [3]

Inputs available (v1.5.0)

From the action’s inputs: (all optional): name, image, config, build_args, build_secrets, region, org, path, postgres, secrets, vmsize, cpu, cpukind, memory, ha, launch_options. [2]

Notes from README:

• name defaults to pr-{number}-{repo_org}-{repo_name}; if you set it, it must include the PR number (safety check). [3]

Breaking changes

• Since 1.6.0 doesn’t exist upstream, there are no upstream “1.6.0 breaking changes” to list. The latest upstream tag is 1.5.0. [1]
• Also, no inputs are marked required in action.yml, so there’s no “new required input” break at 1.5.0. [2]

Sources: [1] GitHub tags for superfly/fly-pr-review-apps; [2] upstream action.yml at tag 1.5.0; [3] upstream README (inputs + required FLY_API_TOKEN).

---

Use a valid action version; 1.6.0 does not exist.

The action version superfly/fly-pr-review-apps@1.6.0 is not published upstream. The latest available version is 1.5.0 (released Feb 27, 2025). Update the action reference to @1.5.0 or use @latest.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/deploy-preview.yml at line 100, The workflow references a
non-existent action version; update the action reference
"superfly/fly-pr-review-apps@1.6.0" to a valid published tag (e.g., change to
"superfly/fly-pr-review-apps@1.5.0" or "superfly/fly-pr-review-apps@latest") in
the deploy-preview workflow so the step using superfly/fly-pr-review-apps
resolves correctly.