Update checkout GHA step across all workflows #3661
We use different versions across the flows. Some versions are no longer supported by latest runners. Update all to consistently use the immutable latest version. (cherry picked from commit c713a03)
PR Summary
Low Risk
Overview
Each updated step keeps existing
Reviewed by Cursor Bugbot for commit 563ce80.
The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).
LGTM — mechanical cherry-pick standardizing actions/checkout across all workflows to a single immutable v7.0.0 commit SHA.
Extended reasoning...
Overview
This PR is a cherry-pick of already-merged #3659. It updates 17 GitHub Actions workflow YAML files to consistently use actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 (the immutable commit SHA for v7.0.0), replacing a mix of @v2 through @v6 tags. All existing with: options (submodules, fetch-depth, ref, etc.) are preserved verbatim, and a comment is added pointing at the v7.0.0 release. No application code is touched.
Security risks
None — in fact this is a security improvement. Pinning to an immutable commit SHA is the recommended supply-chain hardening practice for third-party GitHub Actions, since floating tags can be retagged by the action author. The chosen action (actions/checkout) is an official GitHub-maintained action, so this is uncontroversial.
Level of scrutiny
Very low. CI infrastructure config only, no production code paths, no logic changes, and the diff is fully mechanical (same SHA pasted in every spot, same options preserved). The original PR #3659 was already reviewed and merged, so this is just propagating the same change.
Other factors
The cursor[bot] PR Summary also flagged this as low risk and confirms the option-preservation observation. The bug hunting system found no issues. The only caveat is that older actions/checkout versions may bring slightly different default behavior (e.g., fetch-depth defaults, ref handling), but the PR description explicitly motivates the change as needed for runner compatibility, and any post-merge CI breakage would surface immediately on the next workflow run.
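An added example (not part of this PR or the project's code): a small audit for the two conditions discussed in this thread, `uses:` references that are not a full 40-character commit SHA, and one action referenced at different refs across workflows. The sample workflow text is constructed, the function name `audit_workflows` is hypothetical, and `.github/workflows` is the standard GitHub location.

```python
import re
from collections import defaultdict
from pathlib import Path

# "uses: owner/repo[/path]@ref", optionally written as a list item ("- uses: ...").
# Commented-out lines start with "#" and therefore never match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^@\s'"#]+)@([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")

def audit_workflows(files):
    """files maps path -> workflow YAML text.

    Returns (unpinned, mixed):
      unpinned: (path, line_no, action, ref) for refs that are not a full commit SHA
      mixed:    {action: sorted refs} for actions used with more than one ref
    """
    unpinned, refs = [], defaultdict(set)
    for path, text in sorted(files.items()):
        for line_no, line in enumerate(text.splitlines(), 1):
            m = USES_RE.match(line)
            if not m or m.group(1).startswith("docker://"):
                continue  # not an action reference, or a container image
            action, ref = m.groups()
            refs[action].add(ref)
            # Tags, branches and abbreviated SHAs can all move or be ambiguous.
            if not FULL_SHA_RE.fullmatch(ref):
                unpinned.append((path, line_no, action, ref))
    mixed = {a: sorted(r) for a, r in refs.items() if len(r) > 1}
    return unpinned, mixed

# Constructed sample: one workflow on a floating tag, one on the SHA from this PR.
PINNED = "9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0"
SAMPLE = {
    "ci.yml": "jobs:\n  build:\n    steps:\n      - uses: actions/checkout@v2\n"
              "        with:\n          submodules: true\n",
    "lint.yml": "jobs:\n  lint:\n    steps:\n      - name: Checkout\n"
                f"        uses: actions/checkout@{PINNED} # v7.0.0\n"
                "      # - uses: actions/checkout@v3\n",
}

if __name__ == "__main__":
    root = Path(".github/workflows")
    files = ({str(p): p.read_text() for p in root.glob("*.y*ml")}
             if root.is_dir() else SAMPLE)
    unpinned, mixed = audit_workflows(files)
    for path, line_no, action, ref in unpinned:
        print(f"{path}:{line_no}: {action}@{ref} is not pinned to a full commit SHA")
    for action, found in mixed.items():
        print(f"{action} is referenced at {len(found)} different refs: {found}")
    raise SystemExit(1 if unpinned or mixed else 0)
```

Run from a repository root it reads the real workflow files and exits non-zero on any finding, so it can serve as a CI gate.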
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## release/v6.6 #3661 +/- ##
================================================
- Coverage 58.89% 58.01% -0.89%
================================================
Files 2225 2151 -74
Lines 183480 174933 -8547
================================================
- Hits 108068 101492 -6576
+ Misses 65704 64433 -1271
+ Partials 9708 9008 -700