Update docker/build-push-action action to v7

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
docker/build-push-action	action	major	v6 → v7

---

Release Notes

docker/build-push-action (docker/build-push-action)

v7

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - Between 07:00 AM and 04:59 PM, only on Monday, Tuesday, Wednesday, and Thursday ( * 7-16 * * 1,2,3,4 ) (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sagzy]

@CodeRabbit review pls

[coderabbitai]

@sagzy Sure! I'll review the changes in this PR right away.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1468aa41-aa88-47f3-a838-61fad95aaaa3

📥 Commits

Reviewing files that changed from the base of the PR and between feb6aa7 and 54f0da7.

📒 Files selected for processing (1)

• .github/workflows/build.yml

---

Walkthrough

The .github/workflows/build.yml file was updated to upgrade the Docker Build-Push GitHub Action from version 6 to version 7 across three separate build job steps: ActivityPub image build, Migrations image build, and reconcile account topics job image build. No changes were made to the action configurations, conditional logic, or workflow control flow.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Update docker/build-push-action action to v7' directly and concisely describes the main change: upgrading the GitHub Action from v6 to v7 across the workflow file.
Description check	✅ Passed	The description provides context about the update, including a changelog table from Mend Renovate showing the version change from v6 to v7, release notes, and configuration details related to the update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/docker-build-push-action-7.x

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use Trivy to scan for security misconfigurations and secrets in Infrastructure as Code files.

Add a .trivyignore file to your project to customize which findings Trivy reports.

[Copilot]

Pull request overview

Updates the GitHub Actions workflow to use docker/build-push-action@v7 for building Docker images, keeping the CI build pipeline current with the action’s latest major release.

Changes:

• Bump docker/build-push-action from v6 to v7 in the build workflow for all Docker build steps.

Comments suppressed due to low confidence (3)

.github/workflows/build.yml:193

• This step sets load: true while also specifying outputs: type=docker,dest=.... load is redundant when you explicitly set outputs, and depending on docker/build-push-action v7 behavior this can lead to confusing/unsupported output configuration. Prefer removing load here and rely on the outputs setting (or remove outputs if you actually intend to load into the runner’s Docker engine).

        uses: docker/build-push-action@v7
        with:
          context: .
          load: true
          platforms: ${{ matrix.platform }}
          tags: ${{ steps.activitypub-docker-metadata-private.outputs.tags }}
          labels: ${{ steps.activitypub-docker-metadata-private.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          outputs: type=docker,dest=/tmp/activitypub-${{ matrix.platform_slug }}.tar

.github/workflows/build.yml:205

• This step sets load: true while also specifying outputs: type=docker,dest=.... With docker/build-push-action v7, mixing shorthand outputs (load) with explicit outputs can be redundant or unsupported. Consider dropping load and keeping the explicit outputs export (or vice versa) to make the output behavior unambiguous.

        uses: docker/build-push-action@v7
        with:
          context: migrate
          load: true
          platforms: ${{ matrix.platform }}
          tags: ${{ steps.activitypub-migrations-docker-metadata-private.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          outputs: type=docker,dest=/tmp/activitypub-migrations-${{ matrix.platform_slug }}.tar

.github/workflows/build.yml:276

• This build uses both load: true and push: true. These flags are contradictory shorthands for different Buildx outputs, and can be rejected by Buildx / build-push-action (especially across major versions). If the intent is to publish the image, drop load; if you need both, use an explicit multi-output outputs: configuration instead of load/push shorthands.

        uses: docker/build-push-action@v7
        with:
          context: jobs/reconcile-account-topics
          load: true
          tags: ${{ steps.reconcile-account-topics-meta.outputs.tags }}
          push: true

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.