@codfish codfish commented Feb 8, 2026

  • Upgraded Docker build tooling to the latest version for enhanced build reliability
  • Implemented automated documentation updates to maintain current Docker image references

@codfish codfish marked this pull request as ready for review February 8, 2026 03:19
coderabbitai bot commented Feb 8, 2026

📝 Walkthrough

The release workflow file was modified to upgrade the Docker build action from v5 to v6 and add a step that automatically updates README.md with the new Docker image digest following a successful release, with changes committed and pushed if modifications occur.

Changes

| Cohort / File(s) | Summary |
|---|---|
| GitHub Actions Release Workflow<br>`.github/workflows/release.yml` | Upgraded docker/build-push-action from v5 to v6, added id to docker build step, and introduced new step that reads docker digest output and updates README.md with the new digest, committing changes if any modifications were made. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 The docker dreams in version six now flow,
While README learns what digests show,
A rabbit's touch keeps everything in sync,
Each release whispers what to update and link! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'ci: auto publish readme update when digest changes' accurately describes the main change: automating README updates when Docker digest changes in the CI workflow. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.


@coderabbitai coderabbitai bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/release.yml (1)

65-65: ⚠️ Potential issue | 🟡 Minor

Pre-existing bug: wrong step reference.

steps.semantic-dry-run.outputs should be steps.semantic.outputs (the step id on Line 18 is semantic). Not introduced by this PR, but currently this always dumps an empty/null value.

🧹 Nitpick comments (1)
.github/workflows/release.yml (1)

105-126: Pushing to main will re-trigger this workflow.

The docs: commit pushed to main on Line 125 will trigger another run of this workflow (per the on: push: branches: main trigger). That run will be a no-op since semantic-release won't find releasable commits, but it's wasteful. Consider adding [skip ci] to the commit message.

Also, as a minor hardening measure, prefer passing the digest via an env: block rather than interpolating ${{ steps.docker_build.outputs.digest }} directly in the shell script. While the digest output is a safe sha256 hash, avoiding direct expression interpolation in run: is a good habit to prevent script injection in other contexts.

♻️ Suggested changes
       - name: Update README with new docker digest
         if: steps.semantic.outputs.new-release-published == 'true'
+        env:
+          DIGEST: ${{ steps.docker_build.outputs.digest }}
         run: |
-          # Extract just the sha256 hash from the digest
-          DIGEST="${{ steps.docker_build.outputs.digest }}"
-
           # Update both occurrences of the digest in README.md
           sed -i.bak "s|ghcr.io/codfish/semantic-release-action@sha256:[a-f0-9]*|ghcr.io/codfish/semantic-release-action@${DIGEST}|g" README.md
           rm README.md.bak
 
           # Commit and push if there are changes
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
           git add README.md
 
           # Only commit if there are actual changes
           if git diff --staged --quiet; then
             echo "No changes to README.md"
           else
-            git commit -m "docs: update docker digest to ${DIGEST}"
+            git commit -m "docs: update docker digest to ${DIGEST} [skip ci]"
             git push origin main
           fi
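
Review bot: DIGEST is never checked before the sed line under "Update both occurrences of the digest in README.md", so if `steps.docker_build.outputs.digest` comes back empty the substitution rewrites every pin to `ghcr.io/codfish/semantic-release-action@` with nothing after it, the staged diff is non-empty, and the step commits and pushes that to main. Fail the step before sed unless DIGEST is `sha256:` followed by 64 lowercase hex characters; the same check also guarantees the value carries no `|`, `&` or `\` that would change the meaning of the sed expression. The comment "Only commit if there are actual changes" duplicates "Commit and push if there are changes" a few lines above and one of them can go.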

@codfish codfish merged commit 3980d08 into main Feb 8, 2026
2 checks passed
@codfish codfish deleted the upgrades branch February 8, 2026 03:27
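
The hardening advice in the review above moves the digest into `env:` but does not check its shape. As an added example (not code from this PR, the repository or CodeRabbit), the shell functions below validate the value before `sed` runs, so an empty or malformed digest cannot rewrite the pins in README.md. The function names, return codes and temp-file handling are assumptions; only the image reference comes from the page.

```shell
#!/bin/sh
# Added example: validate a Docker digest before rewriting pinned image references.
# IMAGE is the reference shown on the page; everything else is hypothetical.
LC_ALL=C
export LC_ALL
IMAGE="ghcr.io/codfish/semantic-release-action"

# Succeeds only for "sha256:" followed by exactly 64 lowercase hex characters.
# Uses case patterns rather than grep so an embedded newline is rejected too.
is_valid_digest() {
  hex=${1#sha256:}
  [ "$hex" != "$1" ] || return 1      # the "sha256:" prefix is required
  [ "${#hex}" -eq 64 ] || return 1    # exact length of a SHA-256 hex digest
  case $hex in
    *[!a-f0-9]*) return 1 ;;          # any other character, including | & \
  esac
  return 0
}

# update_digest_pin FILE DIGEST
# Returns 0 when FILE was rewritten, 1 when it was already current,
# 2 when the digest was rejected and FILE was left untouched.
update_digest_pin() {
  file=$1
  digest=$2
  if ! is_valid_digest "$digest"; then
    echo "refusing to update $file: unexpected digest value" >&2
    return 2
  fi
  tmp=$(mktemp) || return 2
  # Safe to interpolate: the validated digest contains no sed metacharacters.
  sed "s|${IMAGE}@sha256:[a-f0-9]*|${IMAGE}@${digest}|g" "$file" > "$tmp"
  if cmp -s "$file" "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  cat "$tmp" > "$file" && rm -f "$tmp"
}
```

In a workflow step, the call would be `update_digest_pin README.md "$DIGEST"` with `DIGEST` supplied through `env:`, and the commit would run only on return code 0.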