chore(deps)(deps): Bump actions/checkout from 4 to 6

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Author: dependabot[bot]

.github/workflows/canary-release.yaml

@@ -1,86 +1,86 @@
-name: Canary Release
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened]
-    branches: [main, next]
-
-permissions:
-  contents: write
-  pull-requests: write
-  packages: write
-
-env:
-  DOTNET_VERSION: "10.0.*"
-
-concurrency:
-  group: canary-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  canary:
-    name: Create Canary Release
-    runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request' && (github.event.head_commit == null || (!contains(github.event.head_commit.message, 'ci skip') && !contains(github.event.head_commit.message, 'skip ci')))
-    outputs:
-      canary-version: ${{ steps.canary.outputs.newVersion }}
-      published: ${{ steps.canary.outputs.published }}
-    steps:
-      - name: Generate GitHub App Token
-        id: generate-token
-        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v2.0.0
-        with:
-          app-id: ${{ vars.AUTO_RELEASE_APP_ID }}
-          private-key: ${{ secrets.AUTO_RELEASE_APP_PRIVATE_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-          token: ${{ steps.generate-token.outputs.token }}
-
-      - name: Setup Auto
-        uses: auto-it/setup-auto@8088350955c4009f66570db1f401fa1e0adb5a38 # v2.0.0
-
-      - name: Create Canary Release
-        id: canary
-        run: |
-          auto canary --pr ${{ github.event.pull_request.number }} --quiet > /tmp/canary-output.txt || echo "published=false" >> $GITHUB_OUTPUT
-          
-          if grep -q "Published" /tmp/canary-output.txt; then
-            echo "published=true" >> $GITHUB_OUTPUT
-            VERSION=$(cat /tmp/canary-output.txt | grep -oP 'v\K[0-9]+\.[0-9]+\.[0-9]+-canary\.[0-9]+\.[a-f0-9]+' || echo "")
-            echo "newVersion=${VERSION}" >> $GITHUB_OUTPUT
-            echo "Canary version: ${VERSION}"
-          else
-            echo "published=false" >> $GITHUB_OUTPUT
-          fi
-        env:
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-
-      - name: Comment on PR
-        if: steps.canary.outputs.published == 'true'
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            const version = '${{ steps.canary.outputs.newVersion }}';
-            const body = `## Canary Release Published
-            
-            **Version:** \`v${version}\`
-            
-            This PR has been published as a canary release. Docker images will be built with this version tag.
-            
-            ### Testing
-            You can test this canary by pulling:
-            \`\`\`bash
-            docker pull ghcr.io/${{ github.repository }}/catalog:v${version}
-            \`\`\`
-            `;
-            
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: body
-            });
+name: Canary Release
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches: [main, next]
+
+permissions:
+  contents: write
+  pull-requests: write
+  packages: write
+
+env:
+  DOTNET_VERSION: "10.0.*"
+
+concurrency:
+  group: canary-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  canary:
+    name: Create Canary Release
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request' && (github.event.head_commit == null || (!contains(github.event.head_commit.message, 'ci skip') && !contains(github.event.head_commit.message, 'skip ci')))
+    outputs:
+      canary-version: ${{ steps.canary.outputs.newVersion }}
+      published: ${{ steps.canary.outputs.published }}
+    steps:
+      - name: Generate GitHub App Token
+        id: generate-token
+        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v2.0.0
+        with:
+          app-id: ${{ vars.AUTO_RELEASE_APP_ID }}
+          private-key: ${{ secrets.AUTO_RELEASE_APP_PRIVATE_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+          token: ${{ steps.generate-token.outputs.token }}
+
+      - name: Setup Auto
+        uses: auto-it/setup-auto@8088350955c4009f66570db1f401fa1e0adb5a38 # v2.0.0
+
+      - name: Create Canary Release
+        id: canary
+        run: |
+          auto canary --pr ${{ github.event.pull_request.number }} --quiet > /tmp/canary-output.txt || echo "published=false" >> $GITHUB_OUTPUT
+          
+          if grep -q "Published" /tmp/canary-output.txt; then
+            echo "published=true" >> $GITHUB_OUTPUT
+            VERSION=$(cat /tmp/canary-output.txt | grep -oP 'v\K[0-9]+\.[0-9]+\.[0-9]+-canary\.[0-9]+\.[a-f0-9]+' || echo "")
+            echo "newVersion=${VERSION}" >> $GITHUB_OUTPUT
+            echo "Canary version: ${VERSION}"
+          else
+            echo "published=false" >> $GITHUB_OUTPUT
+          fi
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+      - name: Comment on PR
+        if: steps.canary.outputs.published == 'true'
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            const version = '${{ steps.canary.outputs.newVersion }}';
+            const body = `## Canary Release Published
+            
+            **Version:** \`v${version}\`
+            
+            This PR has been published as a canary release. Docker images will be built with this version tag.
+            
+            ### Testing
+            You can test this canary by pulling:
+            \`\`\`bash
+            docker pull ghcr.io/${{ github.repository }}/catalog:v${version}
+            \`\`\`
+            `;
+            
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            });

.github/workflows/docker-publish-auth.yaml

@@ -1,68 +1,68 @@
-name: Build and Publish Auth Image
-
-on:
-  release:
-    types: [published, prereleased]
-
-permissions:
-  contents: write
-  packages: write
-  id-token: write
-  attestations: write
-  security-events: write
-
-jobs:
-  get-version:
-    name: Get Release Version
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.version.outputs.version }}
-    steps:
-      - name: Get version from release
-        id: version
-        run: |
-          VERSION="${{ github.event.release.tag_name }}"
-          VERSION="${VERSION#v}"
-          echo "version=$VERSION" >> $GITHUB_OUTPUT
-          echo "Building auth version: $VERSION"
-
-  check-auth:
-    name: Check if auth Dockerfile exists
-    runs-on: ubuntu-latest
-    outputs:
-      exists: ${{ steps.check.outputs.exists }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: refs/tags/${{ github.event.release.tag_name }}
-
-      - name: Check for auth Dockerfile
-        id: check
-        run: |
-          if [ -f "src/auth/Dockerfile" ]; then
-            echo "exists=true" >> $GITHUB_OUTPUT
-            echo "Auth Dockerfile found"
-          else
-            echo "exists=false" >> $GITHUB_OUTPUT
-            echo "Auth Dockerfile not found - skipping"
-          fi
-
-  build-sign-sbom-auth:
-    name: Build, Sign & SBOM - auth
-    needs: [get-version, check-auth]
-    if: needs.check-auth.outputs.exists == 'true'
-    uses: ./.github/workflows/reusable-build-sign-sbom.yml
-    with:
-      service-name: auth
-      version: ${{ needs.get-version.outputs.version }}
-      dockerfile-path: src/auth/Dockerfile
-      docker-context: '.'
-      # Auth service doesn't need PostgreSQL/RabbitMQ (Keycloak-based)
-      postgres-connection: ''
-      rabbitmq-connection: ''
-    secrets:
-      harbor-url: ${{ secrets.HARBOR_URL }}
-      harbor-username: ${{ secrets.HARBOR_USERNAME }}
-      harbor-password: ${{ secrets.HARBOR_PASSWORD }}
-      github-token: ${{ secrets.GITHUB_TOKEN }}
+name: Build and Publish Auth Image
+
+on:
+  release:
+    types: [published, prereleased]
+
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+  attestations: write
+  security-events: write
+
+jobs:
+  get-version:
+    name: Get Release Version
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+    steps:
+      - name: Get version from release
+        id: version
+        run: |
+          VERSION="${{ github.event.release.tag_name }}"
+          VERSION="${VERSION#v}"
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Building auth version: $VERSION"
+
+  check-auth:
+    name: Check if auth Dockerfile exists
+    runs-on: ubuntu-latest
+    outputs:
+      exists: ${{ steps.check.outputs.exists }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: refs/tags/${{ github.event.release.tag_name }}
+
+      - name: Check for auth Dockerfile
+        id: check
+        run: |
+          if [ -f "src/auth/Dockerfile" ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+            echo "Auth Dockerfile found"
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+            echo "Auth Dockerfile not found - skipping"
+          fi
+
+  build-sign-sbom-auth:
+    name: Build, Sign & SBOM - auth
+    needs: [get-version, check-auth]
+    if: needs.check-auth.outputs.exists == 'true'
+    uses: ./.github/workflows/reusable-build-sign-sbom.yml
+    with:
+      service-name: auth
+      version: ${{ needs.get-version.outputs.version }}
+      dockerfile-path: src/auth/Dockerfile
+      docker-context: '.'
+      # Auth service doesn't need PostgreSQL/RabbitMQ (Keycloak-based)
+      postgres-connection: ''
+      rabbitmq-connection: ''
+    secrets:
+      harbor-url: ${{ secrets.HARBOR_URL }}
+      harbor-username: ${{ secrets.HARBOR_USERNAME }}
+      harbor-password: ${{ secrets.HARBOR_PASSWORD }}
+      github-token: ${{ secrets.GITHUB_TOKEN }}