ci: update actions version and remove sccache

[isHarryh]

概要

此 PR 对 CI 进行了调整：

1. 更新部分 v4 Actions 到 v6，因为 2026 年 6 月份 GitHub 官方将弃用对应的环境。
2. 删除 sccache 步骤，因为该缓存从未被命中过，属于无效缓存步。

Summary by Sourcery

更新 CI 工作流，以使用更新版本的 GitHub Actions，并简化构建流水线。

Build:

• 在构建工作流中，将 checkout、setup-node、pnpm、upload-artifact 和 download-artifact actions 从 v4 提升到 v6。
• 从 Windows、Linux 和 macOS 的构建任务中移除与 sccache 相关的步骤和环境变量，改为依赖现有的 Rust 缓存。

CI:

• 刷新 CI 配置，使其与最新的 GitHub Actions 生态保持一致，并移除未使用的编译器缓存集成。

Original summary in English

Summary by Sourcery

Update CI workflows to use newer GitHub Actions versions and simplify the build pipeline.

Build:

• Bump checkout, setup-node, pnpm, upload-artifact, and download-artifact actions from v4 to v6 in the build workflow.
• Remove sccache-related steps and environment variables from Windows, Linux, and macOS build jobs, relying on the existing Rust cache instead.

CI:

• Refresh CI configuration to align with the latest GitHub Actions ecosystem and drop unused compiler cache integration.

[sourcery-ai]

Hey - 我发现了 1 个问题，并给出了一些整体性的反馈：

• 建议将更新后的 GitHub Actions（checkout、setup-node、pnpm、upload/download-artifact）从浮动的大版本标签（例如 @v6）改为固定的 commit SHA，以提升 CI 供应链安全性并避免意外的破坏性变更。

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider pinning the updated GitHub Actions (checkout, setup-node, pnpm, upload/download-artifact) to specific commit SHAs instead of floating major versions (e.g., @v6) to improve CI supply-chain security and avoid unexpected breaking changes.

## Individual Comments

### Comment 1
<location path=".github/workflows/build.yml" line_range="39" />
<code_context>
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6

       - name: Get version
</code_context>
<issue_to_address>
**question (bug_risk):** 请确认所有升级版本的 GitHub Actions（checkout/setup-node/pnpm/upload/download）确实都提供了 v6 标签，并且没有遗漏任何新的必填输入参数。

在进行这类主版本升级时，请简单浏览每个 action 的 v6 版本发布说明，以确认没有会影响该工作流的行为变更（例如：token 权限、setup-node/pnpm 缓存、artifact 的命名/保留策略），以免在合并后才发现流水线被破坏。
</issue_to_address>

---

Sourcery 对开源项目是免费的——如果你喜欢我们的代码审查，请考虑分享给更多人 ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{帮我变得更有用！请在每条评论上点 👍 或 👎，我会根据你的反馈改进后续的审查。}

Original comment in English

Hey - I've found 1 issue, and left some high level feedback:

• Consider pinning the updated GitHub Actions (checkout, setup-node, pnpm, upload/download-artifact) to specific commit SHAs instead of floating major versions (e.g., @v6) to improve CI supply-chain security and avoid unexpected breaking changes.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider pinning the updated GitHub Actions (checkout, setup-node, pnpm, upload/download-artifact) to specific commit SHAs instead of floating major versions (e.g., @v6) to improve CI supply-chain security and avoid unexpected breaking changes.

## Individual Comments

### Comment 1
<location path=".github/workflows/build.yml" line_range="39" />
<code_context>
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6

       - name: Get version
</code_context>
<issue_to_address>
**question (bug_risk):** Validate that all bumped GitHub Actions (checkout/setup-node/pnpm/upload/download) actually provide a v6 tag and that no new required inputs are missing.

When doing these major-version bumps, please skim the v6 release notes for each action to confirm there are no behavior changes that would affect this workflow (e.g., token permissions, setup-node/pnpm caching, artifact naming/retention), so we don’t discover a broken pipeline after merge.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}