Update GitHub Action Workflows

[rongxin-liu]

Summary

• Updates GitHub Actions workflow action pins in .github/workflows.
• Moves actions/checkout from v6.0.2 to v6.0.3 across workflows.
• Refreshes MDK API docs workflow pins for actions/setup-node, actions/upload-pages-artifact, and actions/deploy-pages.
• Preserves commit-SHA pinning with human-readable version comments.

Validation

• git diff --check
• Verified no unpinned external action refs remain in .github/workflows or .github/actions.
• Parsed all workflow and composite action YAML files with Ruby yaml.
• actionlint and zizmor were not installed locally.

[github-actions]

🔐 Codex Security Review

Note: This is an automated security-focused code review generated by Codex.
It should be used as a supplementary check alongside human review.
False positives are possible - use your judgment.

Scope summary

• Reviewed pull request diff only (75933fce45c269e41e0ba2b30cd33825b0389fa7...dcaf7e5d7a96068e85c262c1c886a4dbb1b4abef, exact PR three-dot diff)
• Model: gpt-5.5

💡 Click "edited" above to see previous reviews for this PR.

---

Review Summary

Overall Risk: NONE

Findings

No security, correctness, or reliability findings in the reviewed diff.

Notes

The PR scope in .git/codex-review.diff is limited to GitHub Actions workflow dependency pin updates: mostly actions/checkout from v6.0.2 to v6.0.3, plus setup-node, Pages artifact upload, and Pages deploy updates in docs/artifact workflows.

The workflows preserve full commit-SHA pinning and existing permission scopes. I did not find changes to backend auth, database access, Connect/gRPC handlers, plugin execution, miner/pool configuration, protobuf schemas, frontend runtime code, or deployment container behavior. git diff --check was clean.

---

_{Generated by Codex Security Review |
Triggered by: @rongxin-liu |
Review workflow run}

[Copilot]

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.