Update actions/checkout action to v6 #74
This update bumps the GitHub Actions
Model: o4-mini-2025-04-16 | Prompt Tokens: 1110 | Completion Tokens: 567 |
2d5022f to 99cf9bf
I’ve prepared a friendly review of your code with AI assistance. Treat these insights as helpful suggestions, not absolute truths. Feel free to pick what suits your workflow and trust your own judgment. You’re in charge of the final decision and AI is here simply to support you.
Model: o4-mini-2025-04-16 | Prompt Tokens: 3445 | Completion Tokens: 5785
| - name: Checkout source branch | ||
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | ||
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | ||
| with: |
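Review bot: On the new `uses:` line, the trailing `# v6.0.0` is only a comment; the runner resolves the 40-character SHA and nothing checks it against the tag. Before merging, confirm that 1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 is the commit the upstream v6.0.0 tag points to, and keep the SHA form, since it is what stops a moved tag from changing what this step runs.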
We’re pinning the checkout action to a commit SHA here. It’s more maintainable and readable to use the official semantic version tag (e.g., actions/checkout@v3) instead of a raw SHA. This also ensures you get bug fixes automatically when you opt in to a new minor release.
Example:
- name: Checkout source branch
  uses: actions/checkout@v3
  with:
    ref: ${{ env.SOURCE_BRANCH }}
    path: source-folder
| - name: Checkout source branch | ||
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | ||
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | ||
| with: | ||
| ref: ${{ env.SOURCE_BRANCH }} | ||
| path: source-folder |
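Review bot: As far as this hunk shows, the `with:` block sets only `ref` and `path`, so `persist-credentials` stays at its default of true and the job token remains usable by git in every later step of the job. If nothing after this checkout pushes with that token, add `persist-credentials: false` here; a major-version bump is a natural point to make that explicit.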
You have the same checkout step repeated multiple times with only ref and path changing. To improve readability and reduce duplication, consider extracting this into a YAML anchor or a reusable workflow.
Using an anchor:
# Define the anchor once
.checkout-step: &checkout-step
  uses: actions/checkout@v3
  with:
    ref: ${{ }} # to be overridden
    path: ${{ }} # to be overridden
jobs:
  example:
    steps:
      - name: Checkout source branch
        <<: *checkout-step
        with:
          ref: ${{ env.SOURCE_BRANCH }}
          path: source-folder
      - name: Checkout release branch
        <<: *checkout-step
        with:
          ref: ${{ env.RELEASE_BRANCH }}
          path: release-folder
| - name: Checkout source branch | ||
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | ||
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | ||
| - name: Setup Node |
Similar to the build workflow, this action is pinned to a commit SHA. Switch to the semantic tag to simplify upgrades and improve clarity:
- name: Checkout source branch
  uses: actions/checkout@v3
| - name: Checkout source branch | ||
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | ||
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | ||
| - name: Setup Node | ||
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | ||
| with: |
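Review bot: This is a major-version change (v5.0.1 to v6.0.0) delivered as a one-line SHA swap, and the checkout step here passes no `with:` inputs, so it runs entirely on the action's defaults. State in the PR which v6 breaking changes were checked against this job, including the Setup Node step that follows, instead of merging on CI status alone.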
The checkout and setup-node steps are duplicated across multiple jobs. You can DRY these out by creating a reusable workflow or using YAML anchors for the common setup.
Example using a reusable workflow (.github/workflows/common-setup.yaml):
# common-setup.yaml
on: [workflow_call]
jobs:
  setup:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: '16'
And then call it from your quality workflows:
jobs:
  code-quality:
    uses: ./.github/workflows/common-setup.yaml
    with:
      # pass any inputs if needed
This commit refreshes the CI/CD workflows and dependency set: it bumps the GitHub Actions checkout action to v6.0.0 in both build and code-quality pipelines, ensuring smoother branch handling and performance. It also updates core AI SDK packages to 2.2.0 and the TypeScript linter to 8.47.0 across the PR review and summary modules, aligning with the latest toolchain releases.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1594 | Completion Tokens: 1049 | Diff Range: 2d5022f...99cf9bf |
Thank you for sharing your code. AI-assisted feedback is here to offer ideas and highlight potential improvements. Keep in mind these suggestions are not absolute truths but starting points to explore. Trust your judgment and choose what suits your vision. You remain in charge—AI is your helpful guide on this coding journey.
Model: o4-mini-2025-04-16 | Prompt Tokens: 1712 | Completion Tokens: 2244
| steps: | ||
| - name: Checkout source branch | ||
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | ||
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 |
Rather than pinning the checkout action to a specific commit SHA, use its official semver tag (e.g., v3) to receive non-breaking updates and security fixes automatically. For example:
- name: Checkout source branch
  uses: actions/checkout@v3
  with:
    ref: ${{ env.SOURCE_BRANCH }}
    path: source-folder
This keeps your workflow up to date without manually updating the commit hash each release.
| - name: Checkout source branch | ||
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | ||
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | ||
| with: | ||
| ref: ${{ env.SOURCE_BRANCH }} | ||
| path: source-folder |
There is a lot of duplicated Checkout release branch and Checkout source branch steps across this workflow. Consider extracting these into a reusable job or composite action to follow DRY principles and simplify maintenance. For example, define a composite action in .github/actions/checkout-branch/action.yml:
name: 'Composite: Checkout Branch'
runs:
  using: 'composite'
  steps:
    - name: Checkout branch
      uses: actions/checkout@v3
      with:
        ref: ${{ inputs.branch_ref }}
        path: ${{ inputs.path }}
inputs:
  branch_ref:
    required: true
    description: 'Branch to checkout'
  path:
    required: true
    description: 'Directory to clone into'
Then invoke it in your workflow:
- name: Checkout source branch
  uses: ./.github/actions/checkout-branch
  with:
    branch_ref: ${{ env.SOURCE_BRANCH }}
    path: source-folder
This reduces repetition and centralizes checkout logic.
| steps: | ||
| - name: Checkout source branch | ||
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | ||
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 |
Similar to the build workflow, avoid pinning actions/checkout to a commit SHA. Use a semver tag to benefit from patches and minor updates:
- name: Checkout source branch
  uses: actions/checkout@v3
| path: [pr-summary, pr-review] | ||
| steps: | ||
| - name: Checkout source branch | ||
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 | ||
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | ||
| - name: Setup Node | ||
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | ||
| with: |
The Checkout source branch and Setup Node steps are repeated in parallel jobs. You can define a reusable workflow or composite action for common setup tasks. For instance, create a reusable workflow file .github/workflows/common-setup.yaml:
on:
  workflow_call:
    # inputs must be declared here for inputs.branch_ref to resolve
    inputs:
      branch_ref:
        type: string
        required: true
jobs:
  setup:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ inputs.branch_ref }}
      - uses: actions/setup-node@v6
        with:
          node-version: 18
Then call it in your code-quality.yaml jobs:
jobs:
  lint:
    uses: ./.github/workflows/common-setup.yaml
    with:
      branch_ref: ${{ env.SOURCE_BRANCH }}
This PR contains the following updates:
v5.0.1 -> v6.0.0
Release Notes
actions/checkout (actions/checkout)
v6.0.0
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
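The hunks in this PR reference each action by a 40-character commit SHA with the release in a trailing comment, while the review comments propose tag references such as `@v3`; a tag or branch can be repointed upstream, a full commit SHA cannot. The following is an added example, not code from this PR or from Renovate, that lists every `uses:` reference in a workflow that is not SHA-pinned. The function names, the `sha-no-comment` category and the sample workflow (constructed from lines shown on this page) are assumptions of the example.

```python
import re

# A `uses:` value with an optional trailing `# comment` (e.g. "# v6.0.0").
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)['\"]?\s*(?:#\s*(.*))?$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(line):
    """Return (action, ref, kind, comment) for a `uses:` line, else None."""
    m = USES_RE.match(line)
    if not m:
        return None
    target, comment = m.group(1), (m.group(2) or "").strip()
    if target.startswith("./"):
        return (target, None, "local", comment)  # lives in this repository
    action, _, ref = target.partition("@")
    if FULL_SHA_RE.match(ref):
        # Pinned; flag a missing version comment so reviewers can read it.
        kind = "sha" if comment else "sha-no-comment"
    else:
        kind = "mutable"  # tag or branch: upstream can move it
    return (action, ref, kind, comment)


def audit(workflow_text):
    """List (line_number, action, ref, kind) for references needing review."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        result = classify_uses(line)
        if result and result[2] in ("mutable", "sha-no-comment"):
            findings.append((lineno, result[0], result[1], result[2]))
    return findings


# Constructed sample: SHA-pinned lines as in the diff, one tag-form line.
SAMPLE = """\
jobs:
  build:
    steps:
      - name: Checkout source branch
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Checkout (tag form)
        uses: actions/checkout@v3
      - name: Setup Node
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
      - name: Local composite
        uses: ./.github/actions/checkout-branch
"""

if __name__ == "__main__":
    for lineno, action, ref, kind in audit(SAMPLE):
        print(f"line {lineno}: {action}@{ref} is {kind}")
```
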