diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..c75e875 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 21fa919..a011f1a 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -17,12 +17,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: 18.17.1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5cefad5..d3579cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,11 +11,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 2 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: '18.17.1' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ce63ad9..ad1bf66 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,12 +17,12 @@ jobs: id-token: write steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: '18.17.1' cache: 'yarn' @@ -32,7 +32,7 @@ jobs: - name: Create release Pull Request or publish to NPM id: changesets - uses: changesets/action@v1 + uses: changesets/action@06245a4e0a36c064a573d4150030f5ec548e4fcc # v1.4.10 with: publish: yarn release env: diff --git a/.github/workflows/snapit.yml b/.github/workflows/snapit.yml index ebd4bb3..561bd94 100644 --- a/.github/workflows/snapit.yml +++ b/.github/workflows/snapit.yml @@ -16,29 +16,29 @@ jobs: runs-on: ubuntu-latest steps: - name: Enforce permission requirement - uses: prince-chrismc/check-actor-permissions-action@v1 + uses: prince-chrismc/check-actor-permissions-action@72c9eb81384517cbc49d765edc200af3131897ce # v1.0.0 with: permission: write - name: Add initial reaction - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 with: comment-id: ${{ github.event.comment.id }} reactions: eyes - name: Get PR branch - uses: xt0rted/pull-request-comment-branch@v1 + uses: xt0rted/pull-request-comment-branch@653a7d5ca8bd91d3c5cb83286063314d0b063b8e # v1.4.0 id: comment-branch - name: Set latest commit status as pending - uses: myrotvorets/set-commit-status-action@master + uses: myrotvorets/set-commit-status-action@7b093ccbb10e14939b7a4ae2630fe4cbc67c0651 # v2.0.1 with: sha: ${{ steps.comment-branch.outputs.head_sha }} token: ${{ secrets.GITHUB_TOKEN }} status: pending - name: Validate pull request - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 id: pr_data env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -69,7 +69,7 @@ jobs: } - name: Checkout default branch - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Checkout pull request branch run: hub pr checkout ${{ github.event.issue.number }} @@ -83,7 +83,7 @@ jobs: fi - name: Setup Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: '18.17.1' @@ -99,7 +99,7 @@ jobs: EOF - name: Create and publish snapshot release - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 id: snapshot-release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -154,21 +154,21 @@ jobs: } - name: Add success reaction - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 if: ${{ steps.snapshot-release.outputs.succeeded == 'true' }} with: comment-id: ${{ github.event.comment.id }} reactions: rocket - name: Add failure reaction - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1 if: ${{ steps.snapshot-release.outputs.succeeded == 'false' }} with: comment-id: ${{ github.event.comment.id }} reactions: confused - name: Fail workflow if snapshot failed - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 if: ${{ steps.snapshot-release.outputs.succeeded == 'false' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -177,7 +177,7 @@ jobs: core.setFailed('No snapshot tags have been found') - name: Set latest commit status as ${{ job.status }} - uses: myrotvorets/set-commit-status-action@master + uses: myrotvorets/set-commit-status-action@7b093ccbb10e14939b7a4ae2630fe4cbc67c0651 # v2.0.1 if: always() with: sha: ${{ steps.comment-branch.outputs.head_sha }}