@dependabot dependabot bot commented on behalf of github Dec 22, 2025

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and github_actions labels on Dec 22, 2025
@kaito-pr-agent

Title

Update actions/checkout to v6 and v5.0.1 across GitHub workflows


Description

  • Updated actions/checkout version in GitHub workflows

  • Standardized dependency versions across CI/CD pipelines

  • Improved workflow reliability with latest action versions

  • Maintained consistent action references across all workflows


Changes walkthrough 📝

Relevant files

Dependencies (9 files)

  • check-files.yml: Updated actions/checkout from v5 to v6 (+1/-1)
  • codeql.yml: Updated actions/checkout to v5.0.1 (+1/-1)
  • create-release.yml: Updated actions/checkout to v5.0.1 (+1/-1)
  • e2e-workflow.yml: Updated actions/checkout to v5.0.1 (+1/-1)
  • helm-chart.yml: Updated actions/checkout to v5.0.1 (+1/-1)
  • lint-go.yaml: Updated actions/checkout to v5.0.1 (+1/-1)
  • publish-gh-image-and-chart.yml: Updated actions/checkout to v6 and v5.0.1 (+2/-2)
  • publish-mcr-image.yaml: Updated actions/checkout to v6 in multiple steps (+2/-2)
  • tests.yml: Updated actions/checkout to v5.0.1 (+1/-1)

Need help?
  • Type /help how to ... in the comments thread for any questions about PR-Agent usage.
  • Check out the documentation for more information.

    @kaito-pr-agent

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Inconsistent Versioning

    The PR updates actions/checkout to different versions (v6 and v5.0.1) in the same file. This inconsistency should be validated to ensure both versions are intentionally used.

          uses: actions/checkout@v6
          with:
            fetch-depth: 0
    
        - id: check-tag
          name: Check for Tag
          run: |
            TAG="${{ steps.get-tag.outputs.tag }}"
            if git show-ref --tags --verify --quiet "refs/tags/${TAG}"; then
              echo "create_tag=$(echo 'false' )" >> $GITHUB_OUTPUT
            else
              echo "create_tag=$(echo 'true' )" >> $GITHUB_OUTPUT
            fi
    
        - name: 'Create tag'
          if:  steps.check-tag.outputs.create_tag == 'true'
          uses: actions/github-script@v8
          with:
            script: |
              github.rest.git.createRef({
                owner: context.repo.owner,
                repo: context.repo.repo,
                ref: 'refs/tags/${{ steps.get-tag.outputs.tag }}',
                sha: context.sha
              })
    
    build-scan-publish-gh-images:
      needs: [ check-tag ]
      runs-on: ubuntu-latest
      steps:
        - id: get-registry
          name: Get registry
          run: |
            # registry must be in lowercase
            echo "registry_repository=$(echo "${{ env.REGISTRY }}/${{ github.repository }}" | tr [:upper:] [:lower:])" >> $GITHUB_OUTPUT
    
        - id: get-tag
          name: Get tag
          run: |
            echo "IMG_TAG=$(echo ${{ needs.check-tag.outputs.tag }} | tr -d v)" >> $GITHUB_ENV
    
        - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1

    @kaito-pr-agent

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category    Suggestion    Impact
    Possible issue
    Use v6 tag instead of commit hash

    The PR intends to bump actions/checkout to v6, but this workflow uses a commit hash
    for v5.0.1 instead. Using explicit version tags (v6) ensures consistent behavior and
    security updates. Replace the commit hash with the intended v6 tag.

    .github/workflows/codeql.yml [21]

    -uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
    +uses: actions/checkout@v6
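    Review bot: the `+` line replaces a reference pinned to a full commit SHA with the mutable `v6` tag, so codeql.yml would run whatever commit that tag points at on each run rather than the one commit that was reviewed. If v6 is the target here, keep the pin style of the `-` line: the v6 release's full commit SHA followed by a version comment such as `# v6.x.y`.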
    Suggestion importance[1-10]: 7


    Why: The PR updates other workflows to v6 while this uses a commit hash for v5.0.1, creating inconsistency. Using v6 ensures security updates and aligns with PR's apparent intent.

    Medium
    Replace v5 commit with v6 tag

    This workflow references actions/checkout via a v5.0.1 commit hash, contradicting
    the PR's goal to upgrade to v6. Using the v6 tag maintains version consistency and
    ensures all workflows benefit from the latest security patches.

    .github/workflows/create-release.yml [29]

    -uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
    +uses: actions/checkout@v6
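    Review bot: moving create-release.yml from the v5.0.1 pin to `v6` on the `+` line also changes where checkout persists credentials. The v6-beta release notes quoted in this PR say they are stored under $RUNNER_TEMP and that Docker container action scenarios need Actions Runner v2.329.0 or later. Confirm the runners for this workflow meet that version before taking the suggestion, and keep a full-SHA pin rather than the bare tag.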
    Suggestion importance[1-10]: 7


    Why: The commit hash references v5.0.1 while the PR aims to upgrade to v6. Using the v6 tag maintains version consistency across workflows.

    Medium
    Standardize to v6 tag

    This step mixes v6 and v5.0.1 references for actions/checkout. For consistency and
    security, standardize all references to v6. The commit hash should be replaced with
    the v6 tag to align with the PR's purpose.

    .github/workflows/publish-gh-image-and-chart.yml [77]

    -uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
    +uses: actions/checkout@v6
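    Review bot: the mix this suggestion targets can be resolved in the other direction. Rather than dropping the SHA on the `-` line, pin the file's existing `uses: actions/checkout@v6` step to a full commit SHA as well, so every checkout in publish-gh-image-and-chart.yml resolves to a fixed commit. The excerpt shows this workflow creating tags and running the `build-scan-publish-gh-images` job, so a floating tag here widens what can change between release runs.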
    Suggestion importance[1-10]: 7


    Why: The workflow mixes v6 and v5.0.1 references for actions/checkout. Standardizing to v6 ensures consistency and security alignment.

    Medium
    Verify full v6 adoption

    While this uses v6, the PR title indicates upgrading from v4 to v6. Verify that all
    workflow references have been updated to v6, especially since other workflows still
    use v5.0.1 commit hashes. This ensures full consistency.

    .github/workflows/publish-mcr-image.yaml [34]

    +uses: actions/checkout@v6
     
    -
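    Review bot: nothing changes under this suggestion, since the `-` side is empty and the `+` line is the reference publish-mcr-image.yaml already uses, so it can be dropped or rewritten as a concrete edit. If it is kept, note that `actions/checkout@v6` is a bare tag, unlike the SHA-pinned `# v5.0.1` references in the other workflows, and would be better expressed as a full commit SHA with a version comment.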
    Suggestion importance[1-10]: 5


    Why: While this line correctly uses v6, the suggestion asks for verification of other workflows. This is a valid review note but doesn't require code changes at this location.

    Low
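An added example, not part of the PR or of either bot's output: a small Python audit for the inconsistency the reviewer guide flags, listing `uses:` references that are not pinned to a full commit SHA and actions referenced by more than one ref. The `audit` function and the `SAMPLE` workflow text are constructed for illustration from the lines quoted above.

```python
import re
from collections import defaultdict

# Matches a step's `uses:` value: owner/repo[/path]@ref, with an optional "# comment".
# Local (./path) and docker:// references have no owner/repo@ref form and are skipped.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.\-]+/[\w.\-/]+)@([^\s'\"#]+)['\"]?\s*(?:#\s*(.*))?$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample: one workflow file modelled on the excerpt quoted in this thread.
SAMPLE = {
    "publish-gh-image-and-chart.yml": (
        "steps:\n"
        "  - name: Checkout\n"
        "    uses: actions/checkout@v6\n"
        "    with:\n"
        "      fetch-depth: 0\n"
        "  - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1\n"
        "  - uses: actions/github-script@v8\n"
    ),
}

def audit(workflows):
    """workflows maps file name -> workflow text. Returns (unpinned, mixed).

    unpinned: (file, line_no, action, ref) for refs that are not a 40-hex commit SHA.
    mixed:    {action: sorted refs} for actions referenced by more than one ref.
    """
    unpinned, refs = [], defaultdict(set)
    for name, text in sorted(workflows.items()):
        for line_no, line in enumerate(text.splitlines(), 1):
            m = USES_RE.match(line)
            if not m:
                continue
            action, ref, _comment = m.groups()
            refs[action].add(ref)
            if not FULL_SHA_RE.match(ref):
                unpinned.append((name, line_no, action, ref))
    mixed = {action: sorted(r) for action, r in refs.items() if len(r) > 1}
    return unpinned, mixed

if __name__ == "__main__":
    unpinned, mixed = audit(SAMPLE)
    for name, line_no, action, ref in unpinned:
        print(f"{name}:{line_no}: {action}@{ref} is not pinned to a commit SHA")
    for action, found in mixed.items():
        print(f"{action} is referenced by {len(found)} different refs: {', '.join(found)}")
```

To run it over a repository, build the `workflows` mapping from the files under `.github/workflows/` and fail the job when either result is non-empty.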
