chore(ci): update Trunk setup action refs

[jaysin586]

Summary

Updates the Trunk setup composite action refs used by CI while preserving the existing Node 24 runtime and package-manager versions.

Changes

🔄 CI/CD

• pnpm/action-setup v4 -> v6
• Leaves node-version: 24 unchanged
• Leaves existing PNPM version values unchanged

Testing

• Verified the diff is limited to .trunk/setup-ci/action.yaml

Commits

• d2868d8 chore(ci): update Trunk setup action refs

[coderabbitai]

📝 Walkthrough

Walkthrough

The composite CI action in .trunk/setup-ci/action.yaml updates the pnpm/action-setup action reference from @v4 to @v6. No other steps or behaviors in the workflow are modified.

Changes

CI Action Version Bump

Layer / File(s)	Summary
pnpm/action-setup v4 → v6 .trunk/setup-ci/action.yaml	The uses field for pnpm/action-setup is bumped from @v4 to @v6.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A bunny hops through CI lanes so bright,
Bumping pnpm from four to six tonight,
One line changed, the pipeline stays clean,
The fastest upgrade that you've ever seen! 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating Trunk setup action references in CI configuration, specifically the pnpm/action-setup version update.
Description check	✅ Passed	The description clearly relates to the changeset, detailing the pnpm/action-setup version update from v4 to v6, preserved Node 24 runtime, and testing verification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/update-trunk-setup-ci-actions

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.trunk/setup-ci/action.yaml:
- Line 7: The pnpm/action-setup version is inconsistent across workflows - the
composite action in setup-ci/action.yaml uses `@v6` but the release workflow still
uses `@v4`. Update the pnpm/action-setup action reference in the release workflow
from `@v4` to `@v6` to maintain consistency with the composite action and ensure all
workflows use the same version.
- Line 7: In the action.yaml file, update the pnpm/action-setup action reference
from the unpinned version `@v6` to a specific patch version `@v6.0.9` or higher.
This ensures compatibility and avoids known breaking changes from earlier v6
releases. The line with `uses: pnpm/action-setup@v6` should be changed to
specify the full semantic version including the patch number to guarantee
consistent behavior with the downstream actions/setup-node usage.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3884dbdc-7661-4508-b25e-df338546fbec

📥 Commits

Reviewing files that changed from the base of the PR and between 136b988 and d2868d8.

📒 Files selected for processing (1)

• .trunk/setup-ci/action.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Find all pnpm/action-setup version references in the repository.

# Test: Search for all usages. Expect: All pinned to the same version.
rg -n 'pnpm/action-setup@' .github/ .trunk/

Repository: humanspeak/docs-kit

Length of output: 236

---

Update release workflow to use pnpm/action-setup@v6 for consistency.

This composite action is upgraded to @v6, but .github/workflows/release.yml:23 still pins pnpm/action-setup@v4. This creates environment divergence where workflows using the composite action get v6 behavior while the release workflow uses v4 behavior.

Update the release workflow to match the composite action's version.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.trunk/setup-ci/action.yaml at line 7, The pnpm/action-setup version is
inconsistent across workflows - the composite action in setup-ci/action.yaml
uses `@v6` but the release workflow still uses `@v4`. Update the pnpm/action-setup
action reference in the release workflow from `@v4` to `@v6` to maintain consistency
with the composite action and ensure all workflows use the same version.

---

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

pnpm/action-setup breaking changes v4 to v6

💡 Result:

The transition from pnpm/action-setup v4 to v6 introduced several changes and initial stability issues that have been addressed in subsequent patch releases. Primary Changes and Impacts: - Version Management: The v6 release updated the internal bootstrap version of pnpm, which caused conflicts in projects where a different version was requested via the version input or the packageManager field in package.json [1][2][3]. - PATH Precedence: Early v6 versions suffered from an issue where the bootstrap pnpm binary on the PATH shadowed the self-updated (requested) version. This was addressed by modifying the PATH setup order to ensure the target version takes precedence [2][4][3]. - Lockfile Churn: Initial v6 releases caused unexpected modifications to pnpm-lock.yaml when used in conjunction with actions/setup-node and its pnpm cache feature. This was mitigated in version 6.0.1 and subsequent updates [5][6]. Migration Recommendations: - If you are upgrading, it is highly recommended to use the latest version of pnpm/action-setup (v6.0.9 or higher) to benefit from fixes regarding version resolution, PATH precedence, and lockfile stability [7][4]. - If you encounter issues with version resolution, ensure you are not relying on potentially stale environment state; explicit version pinning in your workflow remains a reliable way to avoid ambiguity [1][2]. For the most up-to-date implementation, refer to the official pnpm documentation for GitHub Actions, which currently reflects the usage of v6 [8].

Citations:

• 1: action-setup@v6 does not install pnpm version specified in package_json_file pnpm/action-setup#227
• 2: action-setup@v6 does not take the requested pnpm version into account pnpm/action-setup#225
• 3: fix: pnpm self-update binary shadowed by bootstrap on PATH pnpm/action-setup#230
• 4: https://github.com/pnpm/action-setup/releases/tag/v6.0.6
• 5: v6.0.0 actions/setup-node PNPM cache modifies pnpm-lock.yaml pnpm/action-setup#226
• 6: https://github.com/pnpm/action-setup/releases/tag/v6.0.1
• 7: https://github.com/pnpm/action-setup/releases/tag/v6.0.9
• 8: https://pnpm.io/continuous-integration

---

🏁 Script executed:

cat -n .trunk/setup-ci/action.yaml

Repository: humanspeak/docs-kit

Length of output: 703

---

Pin pnpm/action-setup to a specific patch version to avoid known breaking change issues.

The v4-to-v6 migration introduced breaking changes including version management conflicts, PATH precedence issues, and lockfile churn when used with actions/setup-node. While these have been fixed in v6.0.1+ and especially v6.0.9+, using @v6 without a patch version pin risks pulling an older release with these issues. Use pnpm/action-setup@v6.0.9 or higher to ensure compatibility with the version: 10 input and the downstream actions/setup-node usage.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.trunk/setup-ci/action.yaml at line 7, In the action.yaml file, update the
pnpm/action-setup action reference from the unpinned version `@v6` to a specific
patch version `@v6.0.9` or higher. This ensures compatibility and avoids known
breaking changes from earlier v6 releases. The line with `uses:
pnpm/action-setup@v6` should be changed to specify the full semantic version
including the patch number to guarantee consistent behavior with the downstream
actions/setup-node usage.