diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 93fb0fe..e1edae0 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -2,7 +2,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: cachix/install-nix-action@v31
         with:
           extra_nix_config: |
diff --git a/module/README.md b/module/README.md
index 6292b37..c916902 100644
--- a/module/README.md
+++ b/module/README.md
@@ -579,6 +579,32 @@ list of string
 
 
 
+## pipeline\.github-actions\.checkoutAction
+
+
+
+The default checkout action to use for jobs
+
+
+
+*Type:*
+string
+
+
+
+*Default:*
+` "actions/checkout@v6" `
+
+
+
+*Example:*
+` "actions/checkout@v5" `
+
+*Declared by:*
+ - [interface\.nix](interface.nix)
+
+
+
 ## pipeline\.github-actions\.defaultRunsOn
 
 
diff --git a/module/interface.nix b/module/interface.nix
index bf87473..e4819c8 100644
--- a/module/interface.nix
+++ b/module/interface.nix
@@ -69,6 +69,13 @@ in
           description = "A function to transform job names";
         };
 
+        checkoutAction = lib.mkOption {
+          type = types.str;
+          default = "actions/checkout@v6";
+          description = "The default checkout action to use for jobs";
+          example = "actions/checkout@v5";
+        };
+
         file = lib.mkOption {
           internal = true;
           type = types.package;
diff --git a/module/jobs/github-actions/default.nix b/module/jobs/github-actions/default.nix
index 1028ab6..e947f03 100644
--- a/module/jobs/github-actions/default.nix
+++ b/module/jobs/github-actions/default.nix
@@ -1,6 +1,7 @@
 { lib, config, ... }:
 
 let
+  inherit (config.pipeline.github-actions) checkoutAction;
   enabledJobs = lib.filterAttrs (_: builtins.getAttr "enable") config.jobs;
 
   changes = lib.pipe enabledJobs [
@@ -17,7 +18,7 @@ in
         outputs.changes = "\${{ steps.diff.outputs.changes }}";
         runs-on = config.pipeline.github-actions.defaultRunsOn;
         steps = [
-          { uses = "actions/checkout@v4"; }
+          { uses = checkoutAction; }
           {
             id = "diff";
             shell = "bash";
diff --git a/module/jobs/job/github-actions.nix b/module/jobs/job/github-actions.nix
index f47d023..39c4bc8 100644
--- a/module/jobs/job/github-actions.nix
+++ b/module/jobs/job/github-actions.nix
@@ -8,7 +8,7 @@
 
 let
   inherit (rootConfig) jobs;
-  inherit (rootConfig.pipeline.github-actions) defaultRunsOn transformJobName;
+  inherit (rootConfig.pipeline.github-actions) defaultRunsOn transformJobName checkoutAction;
 
   needs = lib.pipe config.needs [
     (builtins.filter (need: jobs.${need.job}.enable))
@@ -24,7 +24,7 @@ in
       runs-on = lib.mkIf (defaultRunsOn != null) (lib.mkDefault defaultRunsOn);
 
       steps = lib.mkMerge [
-        (lib.mkIf config.checkout (lib.mkBefore [ { uses = "actions/checkout@v4"; } ]))
+        (lib.mkIf config.checkout (lib.mkBefore [ { uses = checkoutAction; } ]))
         (lib.mkAfter (map (command: { run = command; }) config.commands))
       ];
     }
diff --git a/module/tests/github-actions/job.nix b/module/tests/github-actions/job.nix
index 61572fe..6340f84 100644
--- a/module/tests/github-actions/job.nix
+++ b/module/tests/github-actions/job.nix
@@ -13,7 +13,7 @@
       jobs.job1 = {
         runs-on = "ubuntu-latest";
         steps = [
-          { uses = "actions/checkout@v4"; }
+          { uses = "actions/checkout@v6"; }
           { run = "echo 'Run your script here'"; }
         ];
       };
@@ -33,11 +33,11 @@
     expected = {
       jobs = {
         job_a = {
-          steps = [ { uses = "actions/checkout@v4"; } ];
+          steps = [ { uses = "actions/checkout@v6"; } ];
         };
         job_b = {
           needs = [ "job_a" ];
-          steps = [ { uses = "actions/checkout@v4"; } ];
+          steps = [ { uses = "actions/checkout@v6"; } ];
         };
       };
     };
@@ -57,11 +57,11 @@
     expected = {
       jobs = {
         job-a = {
-          steps = [ { uses = "actions/checkout@v4"; } ];
+          steps = [ { uses = "actions/checkout@v6"; } ];
         };
         job-c = {
           needs = [ "job-a" ];
-          steps = [ { uses = "actions/checkout@v4"; } ];
+          steps = [ { uses = "actions/checkout@v6"; } ];
         };
       };
     };
@@ -75,11 +75,11 @@
     expected = {
       jobs = {
         job-a = {
-          steps = [ { uses = "actions/checkout@v4"; } ];
+          steps = [ { uses = "actions/checkout@v6"; } ];
         };
         job-b = {
           needs = [ "job-a" ];
-          steps = [ { uses = "actions/checkout@v4"; } ];
+          steps = [ { uses = "actions/checkout@v6"; } ];
         };
       };
     };
@@ -91,7 +91,7 @@
     };
 
     expected = {
-      jobs.job-a.steps = [ { uses = "actions/checkout@v4"; } ];
+      jobs.job-a.steps = [ { uses = "actions/checkout@v6"; } ];
     };
   };
 
@@ -105,9 +105,9 @@
 
     expected = {
       jobs = {
-        job-a.steps = [ { uses = "actions/checkout@v4"; } ];
+        job-a.steps = [ { uses = "actions/checkout@v6"; } ];
         job-b = {
-          steps = [ { uses = "actions/checkout@v4"; } ];
+          steps = [ { uses = "actions/checkout@v6"; } ];
           needs = [ "job-a" ];
         };
       };
@@ -142,7 +142,7 @@
           outputs.changes = "\${{ steps.diff.outputs.changes }}";
           runs-on = "ubuntu-latest";
           steps = [
-            { uses = "actions/checkout@v4"; }
+            { uses = "actions/checkout@v6"; }
             {
               id = "diff";
               shell = "bash";
@@ -157,14 +157,74 @@
           "if" = ''''${{ fromJSON(needs.changes.outputs.changes)['job-a'] == true }}'';
           runs-on = "ubuntu-latest";
           steps = [
-            { uses = "actions/checkout@v4"; }
+            { uses = "actions/checkout@v6"; }
           ];
         };
 
         job-b = {
           runs-on = "ubuntu-latest";
           steps = [
-            { uses = "actions/checkout@v4"; }
+            { uses = "actions/checkout@v6"; }
+          ];
+        };
+      };
+    };
+  };
+
+  test-github-actions-job-custom-checkout-action = {
+    expr = test-lib.eval-github-actions {
+      pipeline.github-actions.defaultRunsOn = "ubuntu-latest";
+      pipeline.github-actions.checkoutAction = "actions/checkout@v5";
+      jobs.job1 = {
+        checkout = true;
+        commands = [ "echo hello" ];
+      };
+    };
+    expected = {
+      jobs.job1 = {
+        runs-on = "ubuntu-latest";
+        steps = [
+          { uses = "actions/checkout@v5"; }
+          { run = "echo hello"; }
+        ];
+      };
+    };
+  };
+
+  test-github-actions-changes-job-uses-custom-checkout-action = {
+    expr = test-lib.eval-github-actions {
+      pipeline.github-actions.defaultRunsOn = "ubuntu-latest";
+      pipeline.github-actions.checkoutAction = "actions/checkout@v5";
+      jobs = {
+        job-a = {
+          branches.default = {
+            changes.paths = [ "src/**" ];
+            triggers.onMergeRequest = true;
+          };
+        };
+      };
+    };
+    expected = {
+      jobs = {
+        changes = {
+          outputs.changes = "\${{ steps.diff.outputs.changes }}";
+          runs-on = "ubuntu-latest";
+          steps = [
+            { uses = "actions/checkout@v5"; }
+            {
+              id = "diff";
+              shell = "bash";
+              env.PATHS = "job-a:src/**";
+              run = builtins.readFile ../../jobs/github-actions/diff-script;
+            }
+          ];
+        };
+        job-a = {
+          needs = [ "changes" ];
+          "if" = ''''${{ fromJSON(needs.changes.outputs.changes)['job-a'] == true }}'';
+          runs-on = "ubuntu-latest";
+          steps = [
+            { uses = "actions/checkout@v5"; }
           ];
         };
       };