diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index dd8af25f..4df46a86 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -13,7 +13,7 @@ jobs:
     if: "!contains(github.event.head_commit.message, '[ci skip]')"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
@@ -89,7 +89,7 @@ jobs:
           git config --global core.autocrlf false
           git config --global core.eol lf
 
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       - name: Setup Helm
         uses: azure/setup-helm@v5
@@ -126,7 +126,7 @@ jobs:
         with:
           cluster_name: kind
 
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       - name: Setup Helm
         uses: azure/setup-helm@v5
diff --git a/.github/workflows/lint-sh.yaml b/.github/workflows/lint-sh.yaml
index fa7afbe9..5e1940be 100644
--- a/.github/workflows/lint-sh.yaml
+++ b/.github/workflows/lint-sh.yaml
@@ -15,7 +15,7 @@ jobs:
     if: "!contains(github.event.head_commit.message, '[ci skip]')"
     continue-on-error: true
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: luizm/action-sh-checker@v0.10.0
         with:
           sh_checker_exclude: 'scripts'
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 2d79ba23..4ce3ffd0 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: actions/setup-go@v6
         with:
           go-version-file: 'go.mod'
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1e4c39e8..e35c2d62 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -37,7 +37,7 @@ jobs:
         run: echo "flags=--snapshot --skip=sign" >> $GITHUB_ENV
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
         with:
           fetch-depth: 0
       -
@@ -135,7 +135,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
       -
         name: Test provenance signing with disposable key
         run: |