chore(deps): update hoverkraft-tech/compose-action action to v2.5.0

[renovate-bot-cbcoutinho]

This PR contains the following updates:

Package	Type	Update	Change
hoverkraft-tech/compose-action	action	minor	v2.4.3 → v2.5.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

hoverkraft-tech/compose-action (hoverkraft-tech/compose-action)

v2.5.0

Compare Source

Release Summary

Fix ensures docker-compose is installed when a compose-version is specified, improving reliability, and documentation for actions and workflows has been updated.

Internal: deps scope updates (actions/checkout, docker/setup-docker-action, docker-compose, npm/actions groups) and minor refactoring.

Breaking change(s)

No breaking changes.

What's Changed

• chore(deps): bump docker/setup-docker-action from 4.6.0 to 4.7.0 in the github-actions-dependencies group by @​dependabot[bot] in #​218
• docs: update actions and workflows documentation by @​hoverkraft-bot[bot] in #​219
• chore(deps): bump the actions-dependencies group with 3 updates by @​dependabot[bot] in #​217
• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the github-actions-dependencies group by @​dependabot[bot] in #​223
• chore(deps): bump the npm-actions-dependencies group with 3 updates by @​dependabot[bot] in #​224
• chore(deps): bump docker-compose from 1.3.0 to 1.3.1 by @​dependabot[bot] in #​225
• fix: install docker-compose when compose-version is specified by @​jmpargana in #​234
• chore: minor refactoring by @​neilime in #​235

New Contributors

• @​jmpargana made their first contribution in #​234

Full Changelog: hoverkraft-tech/compose-action@v2...v2.5.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

Pull Request Review: Update hoverkraft-tech/compose-action to v2.5.0

Summary

This PR updates the hoverkraft-tech/compose-action GitHub Action from v2.4.3 to v2.5.0 across two workflow files. This is an automated dependency update by Renovate Bot.

Code Quality ✅

• Pinning Strategy: The PR correctly uses commit SHA pinning (4894d2492015c1774ee5a13a95b1072093087ec3) with version comments (# v2.5.0), which is a security best practice
• Consistency: Both workflow files are updated consistently
• Minimal Scope: Changes are limited to version bumps only, no behavioral changes

Key Changes in v2.5.0

According to the release notes, this version includes:

• Bug fix: Ensures docker-compose is installed when compose-version is specified (improves reliability)
• Dependency updates: Various internal dependency updates including:
  • actions/checkout (6.0.1 → 6.0.2)
  • docker/setup-docker-action (4.6.0 → 4.7.0)
  • docker-compose (1.3.0 → 1.3.1)
  • npm actions dependencies
• Documentation updates: Updated actions and workflows documentation
• Minor refactoring: Internal code improvements

Security Considerations ✅

• SHA Pinning: Using commit SHA provides protection against tag manipulation attacks
• Upstream Verification: The action is from a reputable source (hoverkraft-tech)
• No Breaking Changes: Release notes confirm no breaking changes
• Scope: Action only manages docker-compose execution in CI, which is already an approved workflow pattern

Testing Impact 🔍

This action is used in:

1. .github/workflows/test.yml (line 69): Main integration test workflow
   • Affects: Docker Compose setup for unit and smoke tests
   • Impact: Should improve reliability when compose-version is specified
2. .github/workflows/rag-evaluation.yml (line 30): RAG evaluation workflow
   • Affects: Vector sync testing environment
   • Impact: Same reliability improvement

Recommendation: Monitor the first few CI runs after merge to ensure the updated action works as expected. The bug fix for docker-compose installation should actually improve CI reliability.

Performance Considerations ✅

• No performance regressions expected
• Bug fix may slightly improve startup time if compose-version specification was previously causing issues

Test Coverage ✅

• No test changes needed - this is infrastructure update
• CI will validate the change automatically
• Existing integration tests will exercise the updated action

Recommendations

1. ✅ Approve and merge - This is a routine maintenance update with a bug fix
2. 🔍 Monitor CI: Watch the first few CI runs post-merge for any unexpected behavior
3. 📝 Documentation: No documentation updates needed (action usage unchanged)

Verdict: LGTM ✅

This is a safe, routine dependency update that includes a reliability bug fix. The update follows security best practices with SHA pinning and maintains consistency across workflows. No code changes required.

Suggested Action: Approve and merge when CI passes.