diff --git a/.github/workflows/check_cirrus_cron.yml b/.github/workflows/check_cirrus_cron.yml
index 1b7930d2af..60ee8d1c35 100644
--- a/.github/workflows/check_cirrus_cron.yml
+++ b/.github/workflows/check_cirrus_cron.yml
@@ -44,7 +44,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             # This is where the scripts live
-            - uses: actions/checkout@v5
+            - uses: actions/checkout@v6
               with:
                   repository: containers/podman
                   ref: 'main'
diff --git a/.github/workflows/dev-bump.yml b/.github/workflows/dev-bump.yml
index 4f5af732b1..f27cbbfbe7 100644
--- a/.github/workflows/dev-bump.yml
+++ b/.github/workflows/dev-bump.yml
@@ -8,7 +8,7 @@ jobs:
     name: Bump to -dev
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.ref_name }}
           token: ${{ secrets.PODMANBOT_TOKEN }}
@@ -80,7 +80,7 @@ jobs:
     env:
       GH_TOKEN: ${{ github.token }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           ref: main
           token: ${{ secrets.PODMANBOT_TOKEN }}
diff --git a/.github/workflows/first_contrib_cert_generator.yml b/.github/workflows/first_contrib_cert_generator.yml
index 411d987b6e..36b85d558f 100644
--- a/.github/workflows/first_contrib_cert_generator.yml
+++ b/.github/workflows/first_contrib_cert_generator.yml
@@ -56,7 +56,7 @@ jobs:
       # Step 2: Checkout the repository containing the certificate HTML file.
       - name: Checkout containers/automation repository
         if: ${{ github.event_name == 'workflow_dispatch' || steps.check_first_pr.outputs.is_first_pr == 'true' }}
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           repository: containers/automation
           path: automation-repo
diff --git a/.github/workflows/mac-pkg.yml b/.github/workflows/mac-pkg.yml
index b5b0568dfc..1376ded28d 100644
--- a/.github/workflows/mac-pkg.yml
+++ b/.github/workflows/mac-pkg.yml
@@ -96,7 +96,7 @@ jobs:
         steps.check.outputs.buildarm == 'true' ||
         steps.check.outputs.builduniversal == 'true' ||
         steps.actual_dryrun.outputs.dryrun == 'true'
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         ref: ${{steps.getversion.outputs.version}}
     - name: Set up Go
diff --git a/.github/workflows/machine-os-pr.yml b/.github/workflows/machine-os-pr.yml
index b6d065d2a9..9667ab0e86 100644
--- a/.github/workflows/machine-os-pr.yml
+++ b/.github/workflows/machine-os-pr.yml
@@ -65,7 +65,7 @@ jobs:
         run: |
           pip3 install git+https://github.com/packit/wait-for-copr.git@main
 
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         if: steps.getversion.outputs.update == 'true'
         id: checkout
         with:
diff --git a/.github/workflows/release-artifacts.yml b/.github/workflows/release-artifacts.yml
index c4e15d7d1b..68c0eaee48 100644
--- a/.github/workflows/release-artifacts.yml
+++ b/.github/workflows/release-artifacts.yml
@@ -99,7 +99,7 @@ jobs:
             fi
 
       - name: Checkout Version
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: ${{steps.getversion.outputs.version}}
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9831922b73..825ced584f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -66,7 +66,7 @@ jobs:
     needs: check
     steps:
     - name: Checkout Version
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         ref: ${{needs.check.outputs.version}}
     - name: Set up Go
@@ -103,7 +103,7 @@ jobs:
       KEYCHAIN_PWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }}
     steps:
     - name: Checkout Version
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         ref: ${{needs.check.outputs.version}}
     - name: Set up Go
@@ -161,7 +161,7 @@ jobs:
           }
         Write-Output "version=$version" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
     - name: Checkout Podman
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
     - name: Download Windows zip artifact
       uses: actions/download-artifact@v6
     - name: Set up Go
@@ -262,7 +262,7 @@ jobs:
       VERSION: ${{needs.check.outputs.version}}
     steps:
     - name: Checkout Version
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         ref: ${{needs.check.outputs.version}}
     - name: Get release notes
diff --git a/.github/workflows/update-podmanio.yml b/.github/workflows/update-podmanio.yml
index 5dcbf57874..e80226eeea 100644
--- a/.github/workflows/update-podmanio.yml
+++ b/.github/workflows/update-podmanio.yml
@@ -65,7 +65,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
 
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         if: >-
             steps.getversion.outputs.notRC == 'true' &&
             steps.checkpr.outputs.prexists == 'false'
diff --git a/.github/workflows/upload-win-installer.yml b/.github/workflows/upload-win-installer.yml
index d4df498cef..edf5a26950 100644
--- a/.github/workflows/upload-win-installer.yml
+++ b/.github/workflows/upload-win-installer.yml
@@ -53,7 +53,7 @@ jobs:
     # Note this purposefully checks out the same branch the action runs in, as the
     # installer build script is designed to support older releases (uses the archives
     # on the release tag).
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     # This step is super-duper critical for the built/signed windows installer .exe file.
     # It ensures the referenced $version github release page does NOT already contain
     # this file.  Windows assigns a UUID to the installer at build time, it's assumed