Update actions/checkout action to v6

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v4.1.7 → v6.0.3

---

Release Notes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[entelligence-ai-pr-reviews]

Entelligence AI Vulnerability Scanner

Status: No security vulnerabilities found

Your code passed our comprehensive security analysis.

[entelligence-ai-pr-reviews]

Walkthrough

This PR updates the GitHub Actions checkout action from version 4.1.7 to 6.0.0 across all workflow files in the repository. The upgrade is a major version bump that maintains the security practice of pinning to specific commit SHAs, changing from commit 692973e3d937129bcbf40652eb9f2f61becf3332 to 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3. This dependency update likely includes bug fixes, performance improvements, security patches, and new features from the actions/checkout repository. The change affects three workflow files: build, CI, and CodeQL analysis workflows.

Changes

File(s)	Summary
.github/workflows/build.yml .github/workflows/ci.yml .github/workflows/codeql-analysis.yml	Updated the GitHub Actions checkout action from v4.1.7 to v6.0.0, changing the pinned commit SHA from 692973e3d937129bcbf40652eb9f2f61becf3332 to 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant Runner as GitHub Actions Runner
    participant Checkout as actions/checkout
    participant Repo as Repository
    participant Bun as oven-sh/setup-bun

    Note over Runner,Bun: Workflow Execution

    Runner->>Checkout: Execute checkout step
    Note right of Checkout: Version upgraded:<br/>v4.1.7 → v6.0.0
    
    Checkout->>Repo: Clone repository
    Repo-->>Checkout: Repository contents
    Checkout-->>Runner: Checkout complete
    
    Runner->>Bun: Execute setup-bun step (v1)
    Bun->>Bun: Install and configure Bun runtime
    Bun-->>Runner: Setup complete
    
    Note over Runner: Ready for subsequent workflow steps

Loading

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[entelligence-ai-pr-reviews]

EntelligenceAI PR Summary

This PR bumps the actions/checkout GitHub Action to v6.0.3 across all CI/CD workflow files.

• Updated actions/checkout from v4.1.7 to v6.0.3 in .github/workflows/build.yml
• Updated actions/checkout from v4.1.7 to v6.0.3 in .github/workflows/ci.yml
• Updated actions/checkout from v4.1.7 to v6.0.3 in .github/workflows/codeql-analysis.yml
• All workflows now pin the new version to commit SHA df4cb1c069e1874edd31b4311f1884172cec0e10

---

Confidence Score: 5/5 - Safe to Merge

Safe to merge — this PR performs a straightforward dependency bump of actions/checkout from v4.1.7 to v6.0.3 across three workflow files: build.yml, ci.yml, and codeql-analysis.yml. The update correctly pins the new version to a specific commit SHA (df4cb1c069e1874edd31b4311f1884172cec0e10), which is a security best practice for supply chain integrity in GitHub Actions workflows. No logic changes, configuration alterations, or behavioral modifications are introduced beyond the version update itself, and the review produced zero substantive comments.

Key Findings:

• All three workflow files (build.yml, ci.yml, codeql-analysis.yml) consistently pin actions/checkout to commit SHA df4cb1c069e1874edd31b4311f1884172cec0e10, maintaining the supply-chain security posture of using SHA-pinned actions rather than mutable version tags.
• The change is purely a version bump with no surrounding logic modifications — no environment variables, trigger conditions, job steps, or permissions blocks were altered, minimizing the risk surface of this PR.
• No pre-existing unresolved review comments exist, and the automated heuristic analysis found zero issues across all severity tiers for all three changed files.