Bump actions/checkout from 5.0.1 to 6.0.0

.github/workflows/autofix.yaml

@@ -52,7 +52,7 @@ jobs:
       is_python_project: ${{ steps.project-metadata.outputs.is_python_project }}
       blacken_docs_params: ${{ steps.project-metadata.outputs.blacken_docs_params }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Run gha-utils metadata
         id: project-metadata
@@ -71,7 +71,7 @@ jobs:
     if: needs.project-metadata.outputs.python_files || needs.project-metadata.outputs.doc_files
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Run autopep8
         if: needs.project-metadata.outputs.python_files
@@ -170,7 +170,7 @@ jobs:
     if: fromJSON(needs.project-metadata.outputs.is_python_project)
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Sync uv.lock
         run: |
@@ -201,7 +201,7 @@ jobs:
     # Cannot use "ubuntu-slim" because shfmt is not available there.
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Install mdformat
         run: >
@@ -252,7 +252,7 @@ jobs:
     if: needs.project-metadata.outputs.json_files
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - name: Install ESLint with JSON support
         run: |
           npm --no-progress install --no-save "eslint@9.36.0" "@eslint/json@0.13.2"
@@ -349,7 +349,7 @@ jobs:
     if: fromJSON(needs.project-metadata.outputs.gitignore_exists)
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - name: Install git-extras
         run: |
           sudo apt update

.github/workflows/changelog.yaml

@@ -33,7 +33,7 @@ jobs:
           - minor
           - major
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Install bump-my-version
         run: >
@@ -97,7 +97,7 @@ jobs:
     # XXX This cannot be done because there is no way to group "replace" actions into a collection. Maybe we should
     # start to discuss this upstream.
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Install bump-my-version
         run: >

.github/workflows/debug.yaml

@@ -15,7 +15,7 @@ jobs:
     outputs:
       build_targets: ${{ steps.project-metadata.outputs.build_targets }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Run gha-utils metadata
         id: project-metadata

.github/workflows/docs.yaml

@@ -31,7 +31,7 @@ jobs:
     name: Fix typos
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: crate-ci/typos@v1.39.2
         with:
           write_changes: true
@@ -68,7 +68,7 @@ jobs:
       is_sphinx: ${{ steps.project-metadata.outputs.is_sphinx }}
       active_autodoc: ${{ steps.project-metadata.outputs.active_autodoc }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Run gha-utils metadata
         id: project-metadata
@@ -88,7 +88,7 @@ jobs:
     # Cannot use "ubuntu-slim" here because calibreapp/image-actions rely on Docker.
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: calibreapp/image-actions@1.4.1
         id: image_actions
         with:
@@ -121,7 +121,7 @@ jobs:
     if: fromJSON(needs.project-metadata.outputs.mailmap_exists)
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
         with:
           # Fetch all history to extract all contributors.
           fetch-depth: 0
@@ -157,7 +157,7 @@ jobs:
     if: fromJSON(needs.project-metadata.outputs.is_python_project)
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Install pipdeptree
         run: |
@@ -213,7 +213,7 @@ jobs:
       && fromJSON(needs.project-metadata.outputs.active_autodoc)
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Run Sphinx
         run: |
@@ -243,7 +243,7 @@ jobs:
     if: fromJSON(needs.project-metadata.outputs.is_python_project) && fromJSON(needs.project-metadata.outputs.is_sphinx)
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
         with:
           # We rely on recent Python features in some of our {click:run} directives.
@@ -274,7 +274,7 @@ jobs:
     # files from awesome-template.
     steps:
       - name: Initial checkout
-        uses: actions/checkout@v5.0.1
+        uses: actions/checkout@v6.0.0
         with:
           token: ${{ secrets.WORKFLOW_UPDATE_GITHUB_PAT || secrets.GITHUB_TOKEN }}
           fetch-depth: 0

.github/workflows/labeller-content-based.yaml

@@ -34,7 +34,7 @@ jobs:
       && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - name: Download default rules
         run: >
           curl -fsSL --output ./.github/labeller-content-based.yaml

.github/workflows/labeller-file-based.yaml

@@ -31,7 +31,7 @@ jobs:
       && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - name: Download default rules
         run: >
           curl -fsSL --output ./.github/labeller-file-based.yaml

.github/workflows/labels.yaml

@@ -25,7 +25,7 @@ jobs:
     # Cannot use "ubuntu-slim" here because julb/action-manage-label rely on Docker.
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - name: Sync labels
         uses: julb/action-manage-label@1.0.1
         env:

.github/workflows/lint.yaml

@@ -31,7 +31,7 @@ jobs:
       is_python_project: ${{ steps.project-metadata.outputs.is_python_project }}
       mypy_params: ${{ steps.project-metadata.outputs.mypy_params }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Run gha-utils metadata
         id: project-metadata
@@ -50,7 +50,7 @@ jobs:
     if: github.head_ref != 'prepare-release' && needs.project-metadata.outputs.python_files
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Install all package dependencies
         run: |
@@ -75,7 +75,7 @@ jobs:
       && needs.project-metadata.outputs.yaml_files
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Run yamllint
         run: >
@@ -94,7 +94,7 @@ jobs:
       && needs.project-metadata.outputs.zsh_files
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - name: Install Zsh
         run: |
           sudo apt update
@@ -113,7 +113,7 @@ jobs:
       && needs.project-metadata.outputs.workflow_files
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - name: Install actionlint
         id: install_actionlint
         run: |
@@ -164,7 +164,7 @@ jobs:
     # action blindly creates issues ad-nauseam. See: https://github.com/peter-evans/create-issue-from-file/issues/298 .
     # This was also discussed at: https://github.com/lycheeverse/lychee-action/issues/74#issuecomment-1587089689
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: lycheeverse/lychee-action@v2.7.0
         id: lychee_run
         with:
@@ -272,7 +272,7 @@ jobs:
       && github.head_ref != 'prepare-release'
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
         with:
           # Fetch all history to please linter's age checks.
           fetch-depth: 0
@@ -291,7 +291,7 @@ jobs:
     if: github.head_ref != 'prepare-release' && ! fromJson(needs.project-metadata.outputs.is_bot)
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
         with:
           fetch-depth: 0
       - uses: gitleaks/gitleaks-action@v2.3.9

.github/workflows/release.yaml

@@ -73,7 +73,7 @@ jobs:
       package_name: ${{ steps.project-metadata.outputs.package_name }}
       release_notes: ${{ steps.project-metadata.outputs.release_notes }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
         with:
           # Checkout pull request HEAD commit to ignore actions/checkout's merge commit. Fallback to push SHA.
           ref: ${{ github.event.pull_request.head.sha || github.sha }}
@@ -107,7 +107,7 @@ jobs:
       matrix: ${{ fromJSON(needs.project-metadata.outputs.new_commits_matrix) }}
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
         with:
           ref: ${{ matrix.commit }}
       - uses: astral-sh/setup-uv@v7.1.4
@@ -133,7 +133,7 @@ jobs:
     # We keep going when a job flagged as not stable fails.
     continue-on-error: ${{ matrix.state == 'unstable' }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
         with:
           ref: ${{ matrix.commit }}
       - uses: astral-sh/setup-uv@v7.1.4
@@ -262,7 +262,7 @@ jobs:
     # We keep going when a job flagged as not stable fails.
     continue-on-error: ${{ matrix.state == 'unstable' }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
         with:
           ref: ${{ matrix.commit }}
       - name: Download artifact
@@ -296,7 +296,7 @@ jobs:
       matrix: ${{ fromJSON(needs.project-metadata.outputs.release_commits_matrix) }}
     runs-on: ubuntu-slim
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
         with:
           ref: ${{ matrix.commit }}
           # XXX We need custom PAT with workflows permissions because tag generation will work but it will not trigger

.github/workflows/tests.yaml

@@ -54,7 +54,7 @@ jobs:
     # We keep going when a job flagged as not stable fails.
     continue-on-error: ${{ matrix.state == 'unstable' }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Install Python ${{ matrix.python-version }}
         # If UV cannot find the requested Python version, it exits with code 2, which let the job pass unnoticed on
@@ -105,7 +105,7 @@ jobs:
     outputs:
       build_targets: ${{ steps.project-metadata.outputs.build_targets }}
     steps:
-      - uses: actions/checkout@v5.0.1
+      - uses: actions/checkout@v6.0.0
       - uses: astral-sh/setup-uv@v7.1.4
       - name: Run gha-utils metadata
         id: project-metadata