ci(deps): bump the github-actions group with 6 updates

.github/workflows/ci.yml

@@ -25,7 +25,7 @@ jobs:
       helm: ${{ steps.detect.outputs.helm }}
       api_docs: ${{ steps.detect.outputs.api_docs }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Detect Docker-impacting changes
         id: detect
         shell: bash
@@ -74,7 +74,7 @@ jobs:
     if: github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
@@ -117,7 +117,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [changes]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Helm
         uses: azure/setup-helm@v5
@@ -170,10 +170,10 @@ jobs:
     name: Examples Smoke Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Create kind cluster
-        uses: helm/kind-action@v1.13.0
+        uses: helm/kind-action@v1.14.0
         with:
           cluster_name: examples-test
 
@@ -201,7 +201,7 @@ jobs:
     name: Security Audit
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
@@ -218,7 +218,7 @@ jobs:
     name: Lint & Format
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
@@ -256,7 +256,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [security-audit, lint]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
@@ -275,10 +275,10 @@ jobs:
     runs-on: ubuntu-latest
     needs: [changes, lint]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@v5
         with:
           version: v3.14.0
 
@@ -294,10 +294,10 @@ jobs:
     runs-on: ubuntu-latest
     needs: [changes, lint]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.12"
 
@@ -323,7 +323,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: test
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
@@ -360,7 +360,7 @@ jobs:
       contents: read
       packages: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Lowercase IMAGE_NAME
         run: echo "IMAGE_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
@@ -412,7 +412,7 @@ jobs:
       contents: read
       security-events: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Lowercase IMAGE_NAME
         run: echo "IMAGE_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV

.github/workflows/pre-commit.yml

@@ -11,7 +11,7 @@ jobs:
     name: Pre-commit Hooks
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
@@ -22,7 +22,7 @@ jobs:
         uses: Swatinem/rust-cache@v2
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.x'
 

.github/workflows/security-scan.yml

@@ -18,7 +18,7 @@ jobs:
     name: Cargo Security Audit
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
 
     - name: Install Rust
       uses: dtolnay/rust-toolchain@stable
@@ -32,7 +32,7 @@ jobs:
     name: Trivy Vulnerability Scanner (Code/FS/Dep/Containers)
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
 
     - name: Run Trivy vulnerability scanner FS
       uses: aquasecurity/trivy-action@master
@@ -54,20 +54,20 @@ jobs:
         args: ['--scanners', 'vuln', '--vuln-type', 'library']
 
     - name: Upload Trivy scan results FS
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: trivy-fs-results.sarif
 
     - name: Upload Trivy cargo results
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: trivy-cargo-results.sarif
 
   docker-trivy:
     name: Trivy Container Scan
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
 
     - name: Build Docker image
       run: docker build -t stellar-operator:scan .
@@ -81,15 +81,15 @@ jobs:
         severity: 'CRITICAL,HIGH'
 
     - name: Upload Trivy Docker scan
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: trivy-docker.sarif
 
   iac-checkov:
     name: IaC Security Scan (Helm/K8s manifests)
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
 
     - name: Checkov IaC scan
       uses: bridgecrewio/checkov-action@v12
@@ -100,15 +100,15 @@ jobs:
         output_file_path: checkov-results.sarif
 
     - name: Upload Checkov results
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: checkov-results.sarif
 
   compliance-kube-bench:
     name: Kubernetes Compliance (CIS Kube-bench)
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
 
     - name: Run kube-bench
       run: |
@@ -122,7 +122,7 @@ jobs:
     name: Penetration Testing Scenarios (k6)
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
 
     - name: Setup k6
       uses: grafana/xk6-action@v2
@@ -142,7 +142,7 @@ jobs:
     needs: [cargo-audit, trivy-vuln-scan, docker-trivy, iac-checkov, compliance-kube-bench, pen-testing-k6]
     if: always()
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Security Status Summary
       run: |
         echo \"## Security Scan Results\" >> $GITHUB_STEP_SUMMARY

.github/workflows/soak-test.yml

@@ -39,7 +39,7 @@ jobs:
 
     steps:
       # ── 1. Checkout ──────────────────────────────────────────────────────────
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       # ── 2. Build operator ────────────────────────────────────────────────────
       - name: Install Rust toolchain
@@ -137,7 +137,7 @@ jobs:
       # ── 8. Upload results (always, so failures are inspectable) ──────────────
       - name: Upload memory samples
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: soak-memory-samples
           path: /tmp/soak-memory.log

.github/workflows/verify-operator-boot.yml

@@ -1,4 +1,4 @@
 name: Verify Operator Boot (Issue #146)
 
 # Verifies that the operator binary builds and connects to a live kind cluster.
 # Acceptance criteria:
@@ -27,7 +27,7 @@
 
     steps:
       # ── 1. Checkout ──────────────────────────────────────────────────────────
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       # ── 2. Rust toolchain + cache ────────────────────────────────────────────
       - name: Install Rust toolchain
@@ -49,7 +49,7 @@
 
       # ── 4. Create kind cluster (AC #2) ──────────────────────────────────────
       - name: Install kind
-        uses: helm/kind-action@v1.13.0
+        uses: helm/kind-action@v1.14.0
         with:
           install_only: true
 
@@ -119,7 +119,7 @@
       # ── 8. Upload log as artifact ────────────────────────────────────────────
       - name: Upload operator log
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: operator-boot-log
           path: /tmp/operator.log