chore: optimize CI pnpm setup

[chenjiahan]

Summary

This PR aligns the GitHub Actions pnpm setup with the current Rsbuild workflow pattern from web-infra-dev/rsbuild#7856.

• Replace corepack/manual pnpm install steps with pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 and run_install: true.
• Explicitly disable actions/setup-node package manager caching with package-manager-cache: false.
• Keep browser installation commands as separate post-install steps where needed.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR standardizes Node.js and pnpm setup across GitHub Actions workflows. Both the CI and release workflows now disable caching in actions/setup-node and use the pnpm/action-setup action with automatic installation enabled (run_install: true), replacing explicit pnpm install commands and previous corepack-based setup logic. This simplifies the workflow configuration and centralizes dependency management through the dedicated pnpm action.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: optimizing the CI pnpm setup across GitHub Actions workflows.
Description check	✅ Passed	The description is directly related to the changeset, detailing the specific updates to CI workflows and pnpm setup configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/optimize-ci-pnpm-action-20260609

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 31-34: The workflow pins pnpm/action-setup@0e279bb... but the
inline comment says v6.0.8 and run_install: true doesn't enforce lockfile
determinism; update the action pin to the SHA that actually corresponds to
v6.0.8 (or change the comment to match the pinned SHA) and replace the implicit
run_install: true behavior with an explicit install step that runs pnpm install
--frozen-lockfile (i.e., stop relying on run_install and add a separate run:
pnpm install --frozen-lockfile step after using pnpm/action-setup) so CI fails
on lockfile drift.

In @.github/workflows/release.yml:
- Around line 29-32: The workflow currently uses the pnpm/action-setup step with
the run_install input, which performs installs without --frozen-lockfile; change
behavior by disabling automatic install (set run_install to false on the
pnpm/action-setup step) and add an explicit subsequent run step that executes
the install with a frozen lockfile (run "pnpm recursive install
--frozen-lockfile") so the release uses lockfile-resolved dependencies;
reference the existing pnpm/action-setup step and the run_install input and add
a new run step named something like "Install dependencies (frozen lockfile)" to
perform the frozen install.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 0468f29b-e9c8-4f27-864d-56c08128b6ad

📥 Commits

Reviewing files that changed from the base of the PR and between c327d14 and 4289e7e.

📒 Files selected for processing (2)

• .github/workflows/ci.yml
• .github/workflows/release.yml