Add workflow to check for GHA updates

.github/scripts/check-actions-updates.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+declare -i update_count=0
+
+tmp="$(mktemp)"
+readonly tmp
+
+function cleanup {
+    rm -f "$tmp"
+}
+
+trap cleanup EXIT
+
+set +o errexit
+npx actions-up --dry-run > "$tmp" 2>&1
+set -o errexit
+
+if grep -Fq 'would be updated' "$tmp"
+then
+    update_count="$(awk '/would be updated/ { print $1 }' "$tmp")"
+    declare -ri update_count
+fi
+
+if (( update_count > 0 ))
+then
+    echo "has-updates=true" >> "$GITHUB_OUTPUT"
+    echo "update-count=$update_count" >> "$GITHUB_OUTPUT"
+else
+    echo "has-updates=false" >> "$GITHUB_OUTPUT"
+    echo "update-count=0" >> "$GITHUB_OUTPUT"
+fi

.github/workflows/check-actions-updates.yml

@@ -0,0 +1,27 @@
+name: Check-Actions-Updates
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 16 * * 2' # Runs Tuesdays at 16:00 UTC
+
+permissions:
+  contents: read
+
+jobs:
+  check-actions:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - id: actions-check
+        run: ${{ github.workspace }}/.github/scripts/check-actions-updates.sh
+      - if: steps.actions-check.outputs.has-updates == 'true'
+        run: |
+          echo "::error:: Found ${{ steps.actions-check.outputs.update-count }} outdated GitHub Actions. Please update them before merging."
+          echo "You can update them by running: npx actions-up"
+          echo "Or manually update the versions in your workflows."
+          exit 1