chore(deps): update actions/checkout action to v6#827

Open
renovate[bot] wants to merge 1 commit into main from renovate/actions-checkout-6.x

@renovate renovate bot commented Mar 24, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | major | v4 → v6 |
| actions/checkout | action | major | v2 → v6 |

Release Notes

actions/checkout (actions/checkout)

v6

Compare Source

v5

Compare Source


Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Mar 24, 2026
@renovate renovate bot requested a review from a team as a code owner March 24, 2026 07:40
@renovate renovate bot requested review from NickAzureDevops, endakelly and varun-vijayagopal and removed request for a team March 24, 2026 07:40
@github-actions

Code Quality

  1. Action Versions: Upgrading actions/checkout to version v6 is a good step forward. However, ensure that you have reviewed the changelog and release notes for actions/checkout@v6 to verify all changes and confirm compatibility. There's no additional improvement required here if the version is compatible.

Security

  1. Authentication for Az CLI (azure/login@v1):

    • It is unclear from the diff how the credentials are being provided for azure/login@v1. Ensure the secrets or tokens used for authentication are securely stored in GitHub Secrets and that least-privileged access is applied.

    Example:

    - name: 'Az CLI login'
      uses: azure/login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}

  2. Pin Actions to SHA or Tag: While referencing actions by version (e.g., @v6) is better than @main, it’s still recommended to pin actions by commit SHA for maximum security to avoid supply-chain attacks.

    Example:

    uses: actions/checkout@c0c12c28bc8e8a506eae9d749c6d5b047f5783a2

Best Practices

  1. fetch-depth Configuration:

    • For checkout actions with fetch-depth: 0, confirm that a full repository history is absolutely necessary. If not required, use a limited depth (e.g., fetch-depth: 1) to improve performance and lower resource usage.

    Example:

    with:
      fetch-depth: 1

  2. Pin Docker Images:

    • For runs-on: ubuntu-latest, consider pinning to a specific version (e.g., ubuntu-22.04) to avoid unexpected failures due to a new "latest" image update.

    Example:

    runs-on: ubuntu-22.04

Cost

  1. The use of ubuntu-latest ensures you're leveraging GitHub-hosted runners, which are cost-effective for standard usage under the free-tier limits. However, regularly monitor your GitHub Actions usage limits, as excess usage can incur additional costs.

Carbon Usage

  1. Using ubuntu-latest GitHub-hosted runners means your carbon footprint is tied to GitHub’s infrastructure. If you'd like to optimize, consider investigating self-hosted runners within an environment powered by renewable energy to reduce carbon emissions.

Summary of Suggestions

  • Ensure actions/checkout@v6 is compatible with your workflows.
  • Verify secure storage and least-privileged access for Azure credentials.
  • Pin actions by SHA for security.
  • Reduce fetch-depth unless a full repository clone is required.
  • Replace ubuntu-latest with a specific Ubuntu version (e.g., ubuntu-22.04) to reduce risks of breaking changes.
  • Monitor GitHub Actions usage and consider renewable-powered self-hosted runners to reduce costs and carbon footprint.
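
The pinning, runner-image and fetch-depth points in the review above can be checked mechanically. The following Python audit is an added example, not code from this PR or repository; the rule names, the sample workflow and the 40-hex placeholder ref are constructed for illustration, and any 40-hex ref is assumed to be a commit SHA.

```python
import re

# "uses: owner/repo[/path]@ref" in a step or a reusable-workflow call.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
RUNS_ON_RE = re.compile(r"^\s*runs-on:\s*['\"]?([\w.-]+-latest)\b")
DEPTH_RE = re.compile(r"^\s*fetch-depth:\s*['\"]?0['\"]?\s*(?:#.*)?$")


def audit_workflow(text):
    """Return (line_no, rule, detail) findings for one workflow file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            target = m.group(1)
            if target.startswith(("./", "docker://")):  # local action or image, not a git ref
                continue
            name, sep, ref = target.partition("@")
            if not sep:
                findings.append((no, "unpinned-action", f"{name} has no ref"))
            elif not FULL_SHA_RE.match(ref):
                findings.append((no, "unpinned-action", f"{name}@{ref} is a mutable tag or branch"))
            continue
        m = RUNS_ON_RE.match(line)
        if m:
            findings.append((no, "floating-runner", m.group(1)))
        elif DEPTH_RE.match(line):
            findings.append((no, "full-history", "fetch-depth: 0"))
    return findings


# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v6
      - name: 'Az CLI login'
        uses: azure/login@v1
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    print(*audit_workflow(SAMPLE), sep="\n")
```

The check is line-based and does not parse YAML, so a `uses:` value split across lines or built from an expression is not evaluated.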
