codeready-toolchain · dependabot · Jun 19, 2026 · coderabbitai · Jun 19, 2026 · coderabbitai
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
-      uses: actions/checkout@v6
+      uses: actions/checkout@v7
 
     - name: Install Go
       uses: actions/setup-go@v6
@@ -35,7 +35,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
-      uses: actions/checkout@v6
+      uses: actions/checkout@v7
 
     - name: Install Go
       uses: actions/setup-go@v6

diff --git a/.github/workflows/ci-check-gomod.yml b/.github/workflows/ci-check-gomod.yml
@@ -12,6 +12,6 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
     - name: Checkout code
-      uses: actions/checkout@v6
+      uses: actions/checkout@v7
     - name: check
       uses: codeready-toolchain/toolchain-cicd/gomod-check@master
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v6
+      uses: actions/checkout@v7
-    - name: Checkout code
-      uses: actions/checkout@v6
-      uses: actions/checkout@v7
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      with:
+        persist-credentials: false
-    - name: Checkout code
-      uses: actions/checkout@v6
-      uses: actions/checkout@v7
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      with:
+        persist-credentials: false
 
     - name: Run govulncheck
       uses: codeready-toolchain/toolchain-cicd/govulncheck-action@master

diff --git a/.github/workflows/publish-components-for-e2e-tests.yml b/.github/workflows/publish-components-for-e2e-tests.yml
@@ -25,7 +25,7 @@ jobs:
     steps:
     # Checkout from PR event
     - name: Checkout code from PR event
-      uses: actions/checkout@v6
+      uses: actions/checkout@v7
-      uses: actions/checkout@v7
+      uses: actions/checkout@v7
+      with:
+        ref: ${{github.event.pull_request.head.ref}}
+        repository: ${{github.event.pull_request.head.repo.full_name}}
+        fetch-depth: 0
+        allow-unsafe-pr-checkout: true
+        persist-credentials: false
-      uses: actions/checkout@v7
+      uses: actions/checkout@v7
+      with:
+        ref: ${{github.event.pull_request.head.ref}}
+        repository: ${{github.event.pull_request.head.repo.full_name}}
+        fetch-depth: 0
+        allow-unsafe-pr-checkout: true
+        persist-credentials: false
       if: ${{ github.event_name == 'pull_request_target' }}
       with:
         ref: ${{github.event.pull_request.head.ref}}
@@ -45,7 +45,7 @@ jobs:
     # Checkout the code based on the data retrieved from the previous step
     # Is executed only for comment events
     - name: Checkout code from PR
-      uses: actions/checkout@v6
+      uses: actions/checkout@v7
       if: ${{ github.event_name == 'issue_comment' }}
       with:
         repository: ${{ fromJson(steps.request.outputs.data).head.repo.full_name }}