diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 51c53f3..98596e5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,12 +4,6 @@ updates: directory: "/" schedule: interval: "daily" - cooldown: - default-days: 2 - groups: - crazy-max-dot-github: - patterns: - - "crazy-max/.github/*" labels: - "dependencies" - "bot" @@ -17,8 +11,6 @@ updates: directory: "/" schedule: interval: "daily" - cooldown: - default-days: 2 versioning-strategy: "increase" allow: - dependency-type: "production" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9093e8e..787fb27 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,5 @@ name: ci -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -34,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker Compose uses: ./ @@ -46,7 +43,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker Compose 1 uses: ./ @@ -59,7 +56,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Uninstall docker cli run: | @@ -83,7 +80,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker Compose uses: ./ diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 4728272..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: codeql - -permissions: - contents: read - -on: - push: - branches: - - 'main' - - 'releases/v*' - pull_request: - -env: - NODE_VERSION: "24" - -jobs: - analyze: - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write - steps: - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Enable corepack - run: | - corepack enable - yarn --version - - - name: Set up Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - with: - languages: javascript-typescript - build-mode: none - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - with: - category: "/language:javascript-typescript" diff --git a/.github/workflows/pr-assign-author.yml b/.github/workflows/pr-assign-author.yml index 79e6137..f56fa03 100644 --- a/.github/workflows/pr-assign-author.yml +++ b/.github/workflows/pr-assign-author.yml @@ -4,14 +4,14 @@ permissions: contents: read on: - pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout + pull_request_target: types: - opened - reopened jobs: run: - uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0 + uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf permissions: contents: read pull-requests: write diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 57635a7..edad97f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,12 +1,5 @@ name: publish -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - on: release: types: @@ -22,7 +15,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Publish - uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4 + uses: actions/publish-immutable-action@v0.0.4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fca92c4..10383ff 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,35 +1,42 @@ name: test -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true on: + workflow_dispatch: push: branches: - 'main' - 'releases/v*' pull_request: +env: + SETUP_BUILDX_VERSION: "edge" + jobs: test: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + version: ${{ env.SETUP_BUILDX_VERSION }} + driver: docker - name: Test - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: source: . targets: test - name: Upload coverage - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 + uses: codecov/codecov-action@v5 with: files: ./coverage/clover.xml token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/update-dist.yml b/.github/workflows/update-dist.yml index 8b57b08..744588f 100644 --- a/.github/workflows/update-dist.yml +++ b/.github/workflows/update-dist.yml @@ -1,12 +1,5 @@ name: update-dist -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - on: pull_request: types: @@ -15,27 +8,27 @@ on: jobs: update-dist: - if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name + if: github.actor == 'dependabot[bot]' runs-on: ubuntu-latest steps: - name: GitHub auth token from GitHub App id: docker-read-app - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }} private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }} owner: docker - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 0 - token: ${{ steps.docker-read-app.outputs.token }} + token: ${{ steps.docker-read-app.outputs.token || github.token }} - name: Build - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: source: . targets: build diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 82fb219..134070c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,32 +1,33 @@ name: validate -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true on: + workflow_dispatch: push: branches: - 'main' - 'releases/v*' pull_request: +env: + SETUP_BUILDX_VERSION: "edge" + jobs: prepare: runs-on: ubuntu-latest outputs: - matrix: ${{ steps.generate.outputs.matrix }} + targets: ${{ steps.generate.outputs.targets }} steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - - name: Generate matrix + name: List targets id: generate - uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action/subaction/list-targets@v6 with: target: validate @@ -37,10 +38,16 @@ jobs: strategy: fail-fast: false matrix: - include: ${{ fromJson(needs.prepare.outputs.matrix) }} + target: ${{ fromJson(needs.prepare.outputs.targets) }} steps: + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + version: ${{ env.SETUP_BUILDX_VERSION }} + driver: docker - name: Validate - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: targets: ${{ matrix.target }} diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml deleted file mode 100644 index 1c30e91..0000000 --- a/.github/workflows/zizmor.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: zizmor - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -on: - workflow_dispatch: - push: - branches: - - 'main' - - 'releases/v*' - tags: - - 'v*' - pull_request: - -jobs: - zizmor: - uses: crazy-max/.github/.github/workflows/zizmor.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0 - permissions: - contents: read - security-events: write - with: - min-severity: medium - min-confidence: medium - persona: pedantic diff --git a/.github/zizmor.yml b/.github/zizmor.yml deleted file mode 100644 index 6415720..0000000 --- a/.github/zizmor.yml +++ /dev/null @@ -1,3 +0,0 @@ -rules: - secrets-outside-env: # FIXME: remove this rule when zizmor 1.24.0 is released, fixing the right persona attached to this rule: https://github.com/zizmorcore/zizmor/pull/1783 - disable: true