chore: upgrade deprecated CI actions and default Node to 22

[docdyhr]

Summary

• Upgrade cycjimmy/semantic-release-action from v4 to v6 (fixes Node.js 20 deprecation warning, bundles semantic-release 25)
• Upgrade peter-evans/dockerhub-description from v4 to v5 (Node 24 support)
• Update default NODE_VERSION from 20 to 22 across all CI workflows (release, main-ci, codeql, wordpress-compat)
• Note: test matrix in main-ci still tests both Node 20 and 22

Test plan

• CI pipeline passes with Node 22 default
• Semantic release action v6 works correctly on next release
• CodeQL analysis runs on Node 22
• WordPress compatibility tests pass on Node 22

🤖 Generated with Claude Code

Summary by Sourcery

Update CI workflows to use Node.js 22 by default and refresh deprecated GitHub Actions used in the release pipeline.

Build:

• Bump cycjimmy/semantic-release-action from v4 to v6 in the release workflow.
• Upgrade peter-evans/dockerhub-description action from v4 to v5 in the release workflow.
• Set the default NODE_VERSION environment variable to 22 across release, main CI, CodeQL, and WordPress compatibility workflows.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR updates the CI workflows to use Node.js 22 by default and upgrades two deprecated GitHub Actions (semantic-release and Docker Hub description) to their latest major versions, simplifying configuration in the process.

Sequence diagram for updated release workflow with Semantic Release v6 and Node 22

sequenceDiagram
  actor Developer
  participant GitHub as GitHub
  participant ReleaseWorkflow as ReleaseWorkflow_CI
  participant Node22Env as Node22Environment
  participant SemanticRelease as SemanticReleaseActionV6
  participant GitHubReleases as GitHubReleases
  participant NpmRegistry as NpmRegistry
  participant DockerHubAction as DockerHubDescriptionActionV5
  participant DockerHub as DockerHub

  Developer->>GitHub: Push to main or create tag
  GitHub->>ReleaseWorkflow: Trigger release workflow
  ReleaseWorkflow->>Node22Env: Set up Node 22 runtime
  ReleaseWorkflow->>SemanticRelease: Run semantic release
  SemanticRelease->>GitHubReleases: Create or update release
  SemanticRelease->>NpmRegistry: Publish package
  SemanticRelease->>GitHub: Push changelog and tags
  ReleaseWorkflow->>DockerHubAction: Update Docker Hub description
  DockerHubAction->>DockerHub: Apply new repository description

Loading

File-Level Changes

Change	Details	Files
Update default Node.js runtime to version 22 across all CI workflows.	Change NODE_VERSION environment variable from 20 to 22 in the release workflow. Change NODE_VERSION environment variable from 20 to 22 in the code analysis workflow. Change NODE_VERSION environment variable from 20 to 22 in the main CI workflow. Change NODE_VERSION environment variable from 20 to 22 in the WordPress compatibility workflow.	.github/workflows/release.yml .github/workflows/codeql-analysis.yml .github/workflows/main-ci.yml .github/workflows/wordpress-compatibility.yml
Upgrade semantic-release GitHub Action and simplify its configuration.	Bump semantic-release action version from v4 to v6. Remove explicit semantic_version input so the bundled semantic-release from the action is used. Keep extra semantic-release plugins configuration unchanged.	.github/workflows/release.yml
Upgrade Docker Hub description GitHub Action to the latest major version.	Bump Docker Hub description action from v4 to v5 while keeping input parameters the same.	.github/workflows/release.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue

Prompt for AI Agents

Please address the comments from this code review:

## Individual Comments

### Comment 1
<location path=".github/workflows/release.yml" line_range="208" />
<code_context>

       - name: 📝 Update Docker Hub Description
-        uses: peter-evans/dockerhub-description@v4
+        uses: peter-evans/dockerhub-description@v5
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
</code_context>
<issue_to_address>
**🚨 suggestion (security):** Consider pinning third-party actions to a commit SHA for stronger supply-chain security.

These workflows currently use major-version tags (e.g., `@v5`). For release- and publish-related jobs, please pin third-party actions to an exact commit SHA (with an inline comment for the version, if helpful) to reduce the risk of upstream tag changes impacting your workflow unexpectedly.

Suggested implementation:

```
      - name: 📝 Update Docker Hub Description
        # Pin to a specific commit SHA for supply-chain security (v5.x)
        uses: peter-evans/dockerhub-description@<COMMIT-SHA-HERE> # v5

```

1. Replace `<COMMIT-SHA-HERE>` with the exact commit SHA of the desired `peter-evans/dockerhub-description` v5 release (e.g., from the v5.0.0 or v5.x tag in the repository).
2. For consistency with your comment, consider also pinning other third-party actions in this workflow (e.g., `cycjimmy/semantic-release-action@v6`) to their corresponding commit SHAs using the same pattern and inline version comments.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

🚨 suggestion (security): Consider pinning third-party actions to a commit SHA for stronger supply-chain security.

These workflows currently use major-version tags (e.g., @v5). For release- and publish-related jobs, please pin third-party actions to an exact commit SHA (with an inline comment for the version, if helpful) to reduce the risk of upstream tag changes impacting your workflow unexpectedly.

Suggested implementation:

      - name: 📝 Update Docker Hub Description
        # Pin to a specific commit SHA for supply-chain security (v5.x)
        uses: peter-evans/dockerhub-description@<COMMIT-SHA-HERE> # v5

1. Replace <COMMIT-SHA-HERE> with the exact commit SHA of the desired peter-evans/dockerhub-description v5 release (e.g., from the v5.0.0 or v5.x tag in the repository).
2. For consistency with your comment, consider also pinning other third-party actions in this workflow (e.g., cycjimmy/semantic-release-action@v6) to their corresponding commit SHAs using the same pattern and inline version comments.

[Copilot]

Pull request overview

Updates GitHub Actions workflows to use a newer default Node.js version and newer third-party actions to avoid runtime deprecation warnings and keep CI tooling current.

Changes:

• Bump default NODE_VERSION from 20 → 22 in multiple workflows (release, main CI, CodeQL, WordPress compatibility).
• Upgrade cycjimmy/semantic-release-action from v4 → v6 (and remove the now-unneeded semantic_version pin).
• Upgrade peter-evans/dockerhub-description from v4 → v5.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/wordpress-compatibility.yml	Switch workflow default Node version to 22.
.github/workflows/release.yml	Default Node 22 + upgrade semantic-release and Docker Hub description actions.
.github/workflows/main-ci.yml	Switch workflow default Node version to 22 (while keeping the matrix on 20 & 22).
.github/workflows/codeql-analysis.yml	Switch workflow default Node version to 22.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.