chore(ci): update github-actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
postgres	service	digest	2cd8273 → 2203e62
python	uses-with	pin	3.12 → 3.12.13
regclient/actions (changelog)	action	digest	da9319d → 14f9d37
valkey/valkey	service	pinDigest	→ 4054fe7

---

Configuration

📅 Schedule: (in timezone Europe/Madrid)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.11%. Comparing base (bae74b8) to head (d16cfce).
⚠️ Report is 16 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #11314   +/-   ##
=======================================
  Coverage   94.11%   94.11%           
=======================================
  Files         247      247           
  Lines       36409    36409           
=======================================
  Hits        34265    34265           
  Misses       2144     2144           

Flag	Coverage Δ
api	94.11% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
prowler	∅ <ø> (∅)
api	94.11% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

📝 Walkthrough

Walkthrough

Six GitHub Actions workflow files receive dependency pin updates: four container-build workflows (api, mcp, sdk, ui) have their regclient/actions/regctl-installer action bumped to a new commit SHA; the API tests workflow pins postgres and valkey service images to sha256 digests; and the test-impact-analysis workflow pins Python from 3.12 to 3.12.13.

Changes

CI Dependency Pin Updates

Layer / File(s)	Summary
regclient/actions/regctl-installer SHA bump .github/workflows/api-container-build-push.yml, .github/workflows/mcp-container-build-push.yml, .github/workflows/sdk-container-build-push.yml, .github/workflows/ui-container-build-push.yml	The uses: commit hash for regclient/actions/regctl-installer is updated to a new pinned SHA in the create-manifest job of each container build workflow.
Service image and Python runtime pins .github/workflows/api-tests.yml, .github/workflows/test-impact-analysis.yml	postgres and valkey service container images are changed to digest-pinned (@sha256:…) references; Python setup version is changed from 3.12 to 3.12.13.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is minimal and lacks required sections from the template, including Context, detailed Description, Steps to review, and Checklist items.	Add a proper description following the template: include Context explaining the purpose of these dependency updates, a detailed Description section, Steps to review section, and complete the Checklist with relevant items for dependency updates.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore(ci): update github-actions' directly and clearly describes the main change—updating GitHub Actions dependencies in CI workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/github-actions

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/api-tests.yml:
- Line 51: The PostgreSQL version in the CI workflow (postgres:17) does not
match the local development environment (postgres:16.3-alpine3.20), which is a
major version mismatch that can cause compatibility issues. Either update the
postgres image reference in the CI workflow file to use the same version as
local development, or update the local docker-compose configuration to match the
CI version (postgres:17). After aligning the versions, verify that all SQL
queries, schema definitions, and data types are compatible with the chosen
PostgreSQL version and run the API tests locally to ensure everything works
correctly before merging.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 12a480eb-4b30-489b-b940-e3df59e4d833

📥 Commits

Reviewing files that changed from the base of the PR and between 908d2ce and d16cfce.

📒 Files selected for processing (6)

• .github/workflows/api-container-build-push.yml
• .github/workflows/api-tests.yml
• .github/workflows/mcp-container-build-push.yml
• .github/workflows/sdk-container-build-push.yml
• .github/workflows/test-impact-analysis.yml
• .github/workflows/ui-container-build-push.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

⚠️ Major PostgreSQL version mismatch between CI and local development.

The CI workflow pins postgres:17, but the local development environment (docker-compose.yml) uses postgres:16.3-alpine3.20. This major version jump can cause schema compatibility issues, query behavior differences, and data type mismatches that won't be caught during local testing.

Verify that:

• The codebase's SQL queries and schema are compatible with PostgreSQL 17
• This version bump was intentional (or if it's a Renovate automation error)
• All API tests pass with postgres 17 before merge

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/api-tests.yml at line 51, The PostgreSQL version in the CI
workflow (postgres:17) does not match the local development environment
(postgres:16.3-alpine3.20), which is a major version mismatch that can cause
compatibility issues. Either update the postgres image reference in the CI
workflow file to use the same version as local development, or update the local
docker-compose configuration to match the CI version (postgres:17). After
aligning the versions, verify that all SQL queries, schema definitions, and data
types are compatible with the chosen PostgreSQL version and run the API tests
locally to ensure everything works correctly before merging.