chore(deps): bump setup-deno to v2 and caching-for-turbo to v2.3

[ggazzo]

Summary

• Bump denoland/setup-deno from v1 to v2 (v2.0.4)
• Bump rharkor/caching-for-turbo from v1.8 to v2.3 (v2.3.13)

Summary by CodeRabbit

• Chores
  • Pinned and updated GitHub Actions across CI/CD workflows to specific, newer releases for caching and environment setup (Turbo cache action and Deno setup).
  • These changes stabilize build caching and the development/runtime setup used by automated workflows.

Task: ARCH-2102

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: cd7f278

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: deb26f7f-af93-4176-90c5-bfd044086e1a

📥 Commits

Reviewing files that changed from the base of the PR and between d9eaf81 and cd7f278.

📒 Files selected for processing (12)

• .github/actions/meteor-build/action.yml
• .github/actions/setup-node/action.yml
• .github/workflows/ci-code-check.yml
• .github/workflows/ci-deploy-gh-pages.yml
• .github/workflows/ci-test-e2e.yml
• .github/workflows/ci-test-storybook.yml
• .github/workflows/ci-test-unit.yml
• .github/workflows/ci.yml
• .github/workflows/new-release.yml
• .github/workflows/pr-update-description.yml
• .github/workflows/publish-release.yml
• .github/workflows/release-candidate.yml

✅ Files skipped from review due to trivial changes (7)

• .github/workflows/ci-deploy-gh-pages.yml
• .github/workflows/pr-update-description.yml
• .github/workflows/ci-code-check.yml
• .github/workflows/release-candidate.yml
• .github/workflows/publish-release.yml
• .github/actions/meteor-build/action.yml
• .github/workflows/ci-test-unit.yml

🚧 Files skipped from review as they are similar to previous changes (4)

• .github/workflows/new-release.yml
• .github/workflows/ci-test-storybook.yml
• .github/workflows/ci-test-e2e.yml
• .github/actions/setup-node/action.yml

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: 📦 Meteor Build (coverage)
• GitHub Check: CodeQL-Build

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 0
File: :0-0
Timestamp: 2026-02-24T19:05:56.710Z
Learning: In Rocket.Chat PRs, keep feature PRs free of unrelated lockfile-only dependency bumps; prefer reverting lockfile drift or isolating such bumps into a separate "chore" commit/PR, and always use yarn install --immutable with the Yarn version pinned in package.json via Corepack.

🔇 Additional comments (1)

.github/workflows/ci.yml (1)

233-233: Good hardening: action upgrade is safely commit-pinned.

Both Turbo cache action updates use a full commit SHA (with version annotation), which improves CI reproducibility and supply-chain safety without altering execution flow.

Also applies to: 650-650

---

Walkthrough

Pinned CI action references: replaced rharkor/caching-for-turbo@v1.8 with a specific commit @00a0515f175df9fd2e15c4560144ad5fdbebb0c7 (annotated v2.3.13) across workflows and actions; replaced denoland/setup-deno@v1 with a pinned commit @667a34cdef165d8d2b2e98dde39547c9daac7282 (annotated v2.0.4) in the Deno setup composite action. No other workflow inputs or control flow changed.

Changes

Cohort / File(s)	Summary
Deno Setup Action \.github/actions/setup-node/action.yml	Replaced denoland/setup-deno@v1 with pinned commit denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 (commented # v2.0.4); with: inputs unchanged.
Turbo Caching Action (workflows & action) \.github/actions/meteor-build/action.yml, \.github/workflows/ci-code-check.yml, \.github/workflows/ci-deploy-gh-pages.yml, \.github/workflows/ci-test-e2e.yml, \.github/workflows/ci-test-storybook.yml, \.github/workflows/ci-test-unit.yml, \.github/workflows/ci.yml, \.github/workflows/new-release.yml, \.github/workflows/pr-update-description.yml, \.github/workflows/publish-release.yml, \.github/workflows/release-candidate.yml	Replaced uses: rharkor/caching-for-turbo@v1.8 with pinned commit uses: rharkor/caching-for-turbo@00a0515f175df9fd2e15c4560144ad5fdbebb0c7 (commented # v2.3.13) in all listed files; no other steps, inputs, env vars, or control flow modified.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: bumping setup-deno to v2 and caching-for-turbo to v2.3, which matches the primary objectives of the pull request.
Linked Issues check	✅ Passed	The pull request successfully implements all coding objectives from ARCH-2102: denoland/setup-deno updated to v2.0.4 and rharkor/caching-for-turbo updated to v2.3.13 across all affected workflows and actions.
Out of Scope Changes check	✅ Passed	All changes are directly related to updating the two GitHub Actions versions specified in ARCH-2102; no unrelated or out-of-scope modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ggazzo]

/jira ARCH-2083

[cubic-dev-ai]

1 issue found across 12 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/actions/meteor-build/action.yml">

<violation number="1" location=".github/actions/meteor-build/action.yml:131">
P2: Pin this third-party GitHub Action to a full commit SHA instead of a mutable tag to avoid running unexpectedly changed code in CI.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.18%. Comparing base (3813b08) to head (cd7f278).
⚠️ Report is 4 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop   #40156   +/-   ##
========================================
  Coverage    70.18%   70.18%           
========================================
  Files         3280     3280           
  Lines       116814   116852   +38     
  Branches     20674    20702   +28     
========================================
+ Hits         81988    82018   +30     
+ Misses       31543    31541    -2     
- Partials      3283     3293   +10     

Flag	Coverage Δ
e2e	59.68% <ø> (+0.02%)	⬆️
e2e-api	46.59% <ø> (+0.04%)	⬆️
unit	71.02% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[rc-layne]

✅ Layne — scan passed

No security issues found on latest push.