chore(ci): bump docker/build-push-action from 6.19.2 to 7.1.0

[dependabot]

Bumps docker/build-push-action from 6.19.2 to 7.1.0.

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

• Git context query format support by @​crazy-max in docker/build-push-action#1505
• Bump @​docker/actions-toolkit from 0.79.0 to 0.87.0 by @​crazy-max in docker/build-push-action#1505
• Bump brace-expansion from 1.1.12 to 1.1.13 in docker/build-push-action#1500
• Bump fast-xml-parser from 5.4.2 to 5.5.7 in docker/build-push-action#1489
• Bump flatted from 3.3.3 to 3.4.2 in docker/build-push-action#1491
• Bump glob from 10.3.12 to 10.5.0 in docker/build-push-action#1490
• Bump handlebars from 4.7.8 to 4.7.9 in docker/build-push-action#1497
• Bump lodash from 4.17.23 to 4.18.1 in docker/build-push-action#1510
• Bump picomatch from 4.0.3 to 4.0.4 in docker/build-push-action#1496
• Bump undici from 6.23.0 to 6.24.1 in docker/build-push-action#1486
• Bump vite from 7.3.1 to 7.3.2 in docker/build-push-action#1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

v7.0.0

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in docker/build-push-action#1470
• Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @​crazy-max in docker/build-push-action#1473
• Remove legacy export-build tool support for build summary by @​crazy-max in docker/build-push-action#1474
• Switch to ESM and update config/test wiring by @​crazy-max in docker/build-push-action#1466
• Bump @​actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454
• Bump @​docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479
• Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

Commits

• bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
• 18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
• 46580d2 chore: update generated content
• 3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
• efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
• ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
• db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
• ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
• 2d8f2a1 chore: update generated content
• 919ac7b fix test since secrets are not written to temp path anymore
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[lml2468]

[APPROVE — self-review, posting as COMMENT] Clean SHA-pinned bump.

✅ docker/build-push-action 6.19.2 → 7.1.0: SHA updated 10e90e3 → bcafcac, version comment updated.
✅ Single-line change, no API or config breaking changes between v6 and v7 for standard push usage.
✅ actionlint passed.

Ready to merge.

[Jerry-Xin]

This CI dependency bump is in scope for Mininglamp-OSS/octo-admin because it updates the project’s Docker publish workflow.

💬 Non-blocking

• 🔵 Suggestion: .github/workflows/docker-publish.yml:185 upgrades docker/build-push-action to v7, whose main compatibility concern is the Node 24 runtime requiring a sufficiently recent Actions runner. This workflow uses GitHub-hosted runners (ubuntu-latest, ubuntu-24.04-arm), so I do not see a blocker, but this is worth remembering if the workflow later moves to self-hosted runners. (github.com)

✅ Highlights

• .github/workflows/docker-publish.yml:185 keeps the action pinned by full commit SHA, and the SHA resolves to upstream refs/tags/v7.1.0.
• No usage of the removed DOCKER_BUILD_NO_SUMMARY or DOCKER_BUILD_EXPORT_RETENTION_DAYS environment variables was found.
• Existing inputs (context, file, platforms, outputs, GHA cache, provenance) remain aligned with the Docker build/push workflow pattern.

No additional tests are required for this one-line CI action pin update.

[lml2468]

[APPROVE — COMMENT due to self-review restriction] Independent cross-review.

Verified:

1. SHA pin — bcafcacb16a39f128d818304e6c9c0c18556b85f matches docker/build-push-action tag v7.1.0. ✅
2. Single occurrence — Only the build job uses this action (merge job uses metadata/login/manifest, not build-push). ✅
3. Usage compatibility — with inputs (context, file, platforms, labels, outputs, cache-from/to) are stable across v6→v7. ✅
4. CI — All checks green. ✅

No blocking issues.

[dependabot]

Superseded by #52.