chore(deps): update actions/checkout action to v6

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v4 → v6
actions/checkout	action	major	v3 → v6

---

Release Notes

actions/checkout (actions/checkout)

v6

Compare Source

v5

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[greptile-apps]

Greptile Overview

Greptile Summary

Updates actions/checkout from v3/v4 to v6 across all GitHub Actions workflows. This is a routine dependency update that brings enhanced security through improved credential storage (credentials now stored in $RUNNER_TEMP instead of .git/config) and updates the Node.js runtime to v24. The upgrade is backward compatible with no breaking changes or workflow modifications required.

Confidence Score: 5/5

• This PR is safe to merge with no risk
• The upgrade from actions/checkout v3/v4 to v6 is a routine dependency update with no breaking changes. All workflow configurations remain unchanged, and the update brings security improvements through better credential isolation. The action is maintained by GitHub and widely used across the ecosystem.
• No files require special attention

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	Updated actions/checkout from v3 to v6 in test and smoke-test jobs; no issues found
.github/workflows/coana-analysis.yml	Updated actions/checkout from v4 to v6 in coana-vulnerability-analysis job; no issues found
.github/workflows/coana-guardrail.yml	Updated actions/checkout from v4 to v6 in two checkout steps; no issues found
.github/workflows/release.yml	Updated actions/checkout from v4 to v6 in create-release and publish jobs; no issues found
.github/workflows/version-bump.yml	Updated actions/checkout from v4 to v6 in bump-version job; no issues found

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant Renovate as Renovate Bot
    participant GHA as GitHub Actions
    participant Runner as Actions Runner
    participant Checkout as actions/checkout@v6
    
    Dev->>Renovate: Monitors dependencies
    Renovate->>Renovate: Detects actions/checkout v6 available
    Renovate->>GHA: Creates PR #535 (v3/v4 → v6)
    
    Note over GHA,Checkout: PR Triggers Workflows
    
    GHA->>Runner: Trigger CI workflow
    Runner->>Checkout: Execute checkout@v6
    Checkout->>Checkout: Uses Node.js 24 runtime
    Checkout->>Checkout: Stores credentials in $RUNNER_TEMP
    Checkout->>Runner: Repository checked out
    Runner->>GHA: Run tests, linting, type checks
    
    GHA->>Runner: Trigger coana-guardrail workflow
    Runner->>Checkout: Execute checkout@v6 (base branch)
    Checkout->>Runner: Base branch checked out
    Runner->>Runner: Run Coana analysis on base
    Runner->>Checkout: Execute checkout@v6 (PR branch)
    Checkout->>Runner: PR branch checked out
    Runner->>Runner: Run Coana analysis on PR
    Runner->>GHA: Compare security reports
    
    GHA->>Dev: All workflows pass ✓
    Dev->>GHA: Review and merge PR
    
    Note over Checkout: Security Improvement: Credentials<br/>stored in separate file under<br/>$RUNNER_TEMP instead of .git/config

Loading

[greptile-apps]

_{5 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}