build(deps): bump actions/checkout from 3.5.3 to 3.6.0 #104

	---
	name: SignSBOM

	on:
	pull_request:
	branches: [master]
	paths:
	- ".github/workflows/signsbom.yml"
	- "cyclonedx-lib/**"

	# Cancel existing runs if user makes another push.
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: ${{ github.event_name == 'pull_request' }}

	jobs:
	test_sbom_sign:
	name: sign_sbom
	runs-on: ubuntu-latest
	container:
	image: adoptopenjdk/centos7_build_image
	strategy:
	fail-fast: false
	steps:
	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	# Build with jdk17 to ensure TemurinSignSBOM meets min compatibility
	- uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
	id: setup-java
	with:
	java-version: 17
	distribution: 'temurin'

	- name: Build TemurinSignSBOM.java
	run: \|
	ant -noinput -buildfile cyclonedx-lib/build.xml clean
	ant -noinput -buildfile cyclonedx-lib/build.xml build-sign-sbom
	ant -noinput -buildfile cyclonedx-lib/build.xml build

	- name: Run TemurinSignSBOM Unit test
	run: \|
	ant -noinput -buildfile cyclonedx-lib/build.xml runSignAndVerifySBOM

	- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
	name: Collect and Archive TemurinSignSBOM Artifacts
	with:
	name: testSBOM
	path: cyclonedx-lib/build/testSBOM.json

Provide feedback