chore: Pin and update GHA versions

[garlab]

Pin and update following actions:

• actions/checkout v4 -> v6.0.2
• actions/setup-node v3 -> v6.3.0

Summary by CodeRabbit

• Chores
  • Updated release workflow to pin CI action versions to exact commits for more reliable, reproducible releases.
  • Removed an unnecessary Node setup flag to simplify the workflow.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bb922078-e34f-4f8d-ac16-26add589c2a8

📥 Commits

Reviewing files that changed from the base of the PR and between 532be54 and a3f3f39.

📒 Files selected for processing (1)

• .github/workflows/release.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/release.yaml

---

📝 Walkthrough

Walkthrough

The GitHub Actions workflow is updated to pin actions/checkout and actions/setup-node to specific commit SHAs with inline version comments, and the corepack: true line was removed. Workflow steps and overall control flow remain unchanged.

Changes

Cohort / File(s)	Summary
GitHub Actions Configuration \.github/workflows/release.yaml	Replaced action version tags with pinned commit SHAs and added inline comments showing the original v‑versions; removed the corepack: true line from the Node setup step.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Pins snug in the action stream,
Commits aligned like a tidy dream,
Corepack hopped away today,
Workflows hum in a steady way,
I nibble logs and skip astray. 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete; it lacks required template sections including Type/Ticket, Problem, Solution, and missing details about why the updates were made.	Add the required template sections: specify the ticket type and link, explain the problem/business need for pinning versions, describe the solution approach, and include any related notes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: pinning and updating GitHub Actions versions in the workflow file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch offp-203-pin-gha-versions

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yaml:
- Around line 30-32: The workflow uses actions/setup-node@v6 with an unsupported
input corepack: true; remove the corepack: true line from the setup-node step
(the block that sets node-version: 18.18.2) and add a new step immediately after
that setup-node step which runs a command to enable Corepack (e.g., run:
corepack enable) so Corepack is enabled per the Node.js Corepack docs while
keeping node-version: 18.18.2 managed by setup-node.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 05fdd0c6-8548-476f-b35a-39fc571e0263

📥 Commits

Reviewing files that changed from the base of the PR and between 5859c10 and 532be54.

📒 Files selected for processing (1)

• .github/workflows/release.yaml