diff --git a/.github/workflows/bump-agent-versions.yml b/.github/workflows/bump-agent-versions.yml
index 3a753033e63..20af43eb4c5 100644
--- a/.github/workflows/bump-agent-versions.yml
+++ b/.github/workflows/bump-agent-versions.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # no depth limit
           # so, we can generate snapshot versions based on release branches
diff --git a/.github/workflows/bump-beats-version.yml b/.github/workflows/bump-beats-version.yml
index e74694044b4..ea4f5082119 100644
--- a/.github/workflows/bump-beats-version.yml
+++ b/.github/workflows/bump-beats-version.yml
@@ -37,7 +37,7 @@ jobs:
       fail-fast: false
       matrix: ${{ fromJson(needs.filter.outputs.matrix) }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
       with:
         ref: ${{ matrix.branch }}
 
diff --git a/.github/workflows/bump-golang.yml b/.github/workflows/bump-golang.yml
index 452cb73dd13..dd8d91110f4 100644
--- a/.github/workflows/bump-golang.yml
+++ b/.github/workflows/bump-golang.yml
@@ -19,7 +19,7 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: elastic/oblt-actions/updatecli/run@v1
         with:
diff --git a/.github/workflows/bump-otel-version.yml b/.github/workflows/bump-otel-version.yml
index 12aee4a9fda..62b0455327a 100644
--- a/.github/workflows/bump-otel-version.yml
+++ b/.github/workflows/bump-otel-version.yml
@@ -22,7 +22,7 @@ jobs:
       matrix:
         branch: ["main", "8.19"]
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Set up Go
       uses: actions/setup-go@v5
diff --git a/.github/workflows/bump-vm-images.yml b/.github/workflows/bump-vm-images.yml
index 4ac99155982..d301a5a6d8f 100644
--- a/.github/workflows/bump-vm-images.yml
+++ b/.github/workflows/bump-vm-images.yml
@@ -40,7 +40,14 @@ jobs:
       fail-fast: false
       matrix: ${{ fromJson(needs.filter.outputs.matrix) }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
+        with:
+          # NOTE: as long as the updatecli bump differs between branches, we need to
+          # checkout the branch that we are going to bump that we are going to bump
+          # this is needed to ensure that the updatecli bump is done against the correct updatecli
+          # pipeline. For instance, https://github.com/elastic/elastic-agent/pull/8035 was not
+          # backported to the short lived branches.
+          ref: ${{ matrix.branch }}
 
       - uses: elastic/oblt-actions/updatecli/run@v1
         with:
@@ -55,4 +62,4 @@ jobs:
         with:
           bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           channel-id: "#ingest-notifications"
-          message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <${{ env.JOB_URL }}|here>"
+          message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`[${{ matrix.branch }}], @robots-ci please look what's going on <${{ env.JOB_URL }}|here>"
diff --git a/.github/workflows/fragment-in-pr.yml b/.github/workflows/fragment-in-pr.yml
index 6c6b67801fa..755c48bd5e7 100644
--- a/.github/workflows/fragment-in-pr.yml
+++ b/.github/workflows/fragment-in-pr.yml
@@ -8,7 +8,7 @@ jobs:
     if: "!contains(github.event.pull_request.labels.*.name, 'skip-changelog') && !contains(github.event.pull_request.labels.*.name, 'backport')"
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - uses: actions/setup-go@v5
       with:
         go-version-file: .go-version
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index 03d0fbc2652..e5b73162df1 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -18,7 +18,7 @@ jobs:
     name: lint
     runs-on: ${{  matrix.os }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: actions/setup-go@v5
         with:
diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml
index 6cc83e9c181..16a5a482714 100644
--- a/.github/workflows/post-dependabot.yml
+++ b/.github/workflows/post-dependabot.yml
@@ -16,7 +16,7 @@ jobs:
       contents: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: actions/setup-go@v5
         with:
diff --git a/.github/workflows/updatecli-compose.yml b/.github/workflows/updatecli-compose.yml
index df1a574f4f6..80c93d24260 100644
--- a/.github/workflows/updatecli-compose.yml
+++ b/.github/workflows/updatecli-compose.yml
@@ -17,7 +17,7 @@ jobs:
       packages: read
       pull-requests: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with: