fix(ci): tests: Prefer artfact over checkout action

GraphQL complain about it, and GH suggests to use assets,

It is unclear to me how this can be exploited in fork
on job without pull_request_target (that one could be exploited).

Signed-off-by: Philippe Coval <[email protected]>

Author: rzr

.github/workflows/build.yml

@@ -58,3 +58,14 @@ jobs:
           # yamllint disable-line
           name: ${{ github.event.repository.name }}-${{ steps.describe.outputs.describe }}
           path: dist/
+
+      - name: Upload tests artifacts
+        # yamllint disable-line rule:line-length
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
+        with:
+          # yamllint disable-line
+          name: ${{ github.event.repository.name }}-tests
+          path: |
+            scripts/tests
+            docker-compose.yml
+

.github/workflows/test.yml

@@ -47,11 +47,16 @@ jobs:
           rm -rfv "${{env.file}}"
           echo "TODO: https://docs.docker.com/engine/security/trust/"
         # yamllint enable rule:line-length
+
+      - name: Download tests artifacts
       # yamllint disable-line rule:line-length
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093  # v4.3.0
         with:
-          fetch-depth: 0
-          ref: ${{ github.event.workflow_run.head_commit.id }}
+          # yamllint disable-line
+          name: ${{ github.event.repository.name }}-tests
+          github-token: ${{ secrets.GH_SL_ACCESS_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+          path: ${{ runner.temp }}
 
       - name: Download embedded applications package
         # yamllint disable-line rule:line-length
@@ -82,6 +87,8 @@ jobs:
       - name: Run
         id: run
         # yamllint disable rule:line-length
+        env:
+          file: ${{ runner.temp }}/tests/z-wave-stack-binaries-test.sh
         run: |
           set -x
           export ZPC_RUN_MODE="docker"
@@ -91,7 +98,7 @@ jobs:
           export ZPC_COMMAND="docker-compose up --abort-on-container-exit"
           export z_wave_stack_binaries_bin_dir="${{ runner.temp }}/z-wave-stack-binaries/bin"
           export ZPC_ARGS="--log.level=d"
-          ./scripts/tests/z-wave-stack-binaries-test.sh
+          ${{ env.file }}
         # yamllint enable rule:line-length
         continue-on-error: true