diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3cb54c0..19cdeaa 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,12 +4,11 @@ updates: directory: "/" schedule: interval: "daily" - cooldown: - default-days: 2 - groups: - crazy-max-dot-github: - patterns: - - "crazy-max/.github/*" + ignore: + # ignore this dependency + # it seems a bug with dependabot as pining to commit sha should not + # trigger a new version similar to https://github.com/docker/buildx/pull/2222#issuecomment-1919092153 + - dependency-name: "docker/actions-toolkit" labels: - "dependencies" - "bot" @@ -17,8 +16,6 @@ updates: directory: "/" schedule: interval: "daily" - cooldown: - default-days: 2 allow: - dependency-type: "production" labels: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e804d0..4326cd8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,5 @@ name: ci -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -41,7 +38,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ @@ -61,7 +58,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ @@ -82,7 +79,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ @@ -109,7 +106,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ @@ -126,7 +123,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ 
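Review bot: The new `ignore` entry in the first dependabot.yml hunk suppresses every update for `docker/actions-toolkit`, not only the spurious one its comment describes, so genuine releases of that dependency stop being proposed too. If a specific version is the trigger, narrowing the rule with `versions:` or `update-types:` keeps the rest flowing; otherwise the comment should say who revisits the ignore and when. Both hunks in this file also drop `cooldown:` / `default-days: 2`, which removes the two-day wait before a freshly published release is proposed, so it is worth confirming that this is intended.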
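Review bot: With the workflow-level `permissions:` / `contents: read` block removed in the first ci.yml hunk, any job without its own `permissions:` block gets the repository or organization default GITHUB_TOKEN scope, which can be read-write. The steps visible in these hunks only need a read-only checkout, so I would keep `contents: read` at the top of the workflow and widen it per job where needed. The same block is dropped from publish.yml, test.yml, update-dist.yml and validate.yml later in this diff.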
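Review bot: `uses: actions/checkout@v6` in the second ci.yml hunk, and in every other checkout hunk of this diff, replaces a full commit SHA with a tag the action's owner can move, so the code that runs is no longer fixed by this repository. The same applies to `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`, `docker/bake-action@v6`, `codecov/codecov-action@v5`, `actions/create-github-app-token@v2` and `actions/publish-immutable-action@v0.0.4`. Some of these receive secrets or run in the release path, and most also step back a major version (for example v4.0.0 to v3 and v7.0.0 to v6). Keeping the `owner/repo@<full-sha> # vX.Y.Z` form keeps each run reproducible while Dependabot can still bump the pin. Since zizmor.yml and codeql.yml are deleted in the same commit, nothing in CI would flag these references afterwards.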
@@ -146,7 +143,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Uninstall containerd if: matrix.containerd == 'containerd-tarball' @@ -163,13 +160,13 @@ jobs: docker run -d -p 5000:5000 --restart=always --name registry registry:2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@v3 with: driver: docker driver-opts: network=host - name: Build and push - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@v6 with: context: ./test push: true @@ -190,7 +187,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ @@ -202,13 +199,13 @@ jobs: docker run -d -p 5000:5000 --restart=always --name registry registry:2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@v3 with: driver: docker driver-opts: network=host - name: Build and push - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@v6 with: context: ./test push: true @@ -224,7 +221,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ @@ -245,7 +242,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ @@ -262,7 +259,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ 
@@ -287,7 +284,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker id: setup_docker @@ -316,7 +313,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ @@ -338,7 +335,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up Docker uses: ./ diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 843bacd..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: codeql - -permissions: - contents: read - -on: - push: - branches: - - 'master' - - 'releases/v*' - pull_request: - -env: - NODE_VERSION: "24" - -jobs: - analyze: - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write - steps: - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Enable corepack - run: | - corepack enable - yarn --version - - - name: Set up Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - with: - languages: javascript-typescript - build-mode: none - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - with: - category: "/language:javascript-typescript" diff --git a/.github/workflows/pr-assign-author.yml b/.github/workflows/pr-assign-author.yml index 79e6137..f56fa03 100644 --- a/.github/workflows/pr-assign-author.yml +++ b/.github/workflows/pr-assign-author.yml 
@@ -4,14 +4,14 @@ permissions: contents: read on: - pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout + pull_request_target: types: - opened - reopened jobs: run: - uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0 + uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf permissions: contents: read pull-requests: write diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 57635a7..edad97f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,12 +1,5 @@ name: publish -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - on: release: types: @@ -22,7 +15,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Publish - uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4 + uses: actions/publish-immutable-action@v0.0.4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2fc36be..a87fe3f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,8 +1,5 @@ name: test -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -20,16 +17,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Test - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: - source: . targets: test - name: Upload coverage - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 + uses: codecov/codecov-action@v5 with: + source: . files: ./coverage/clover.xml token: ${{ secrets.CODECOV_TOKEN }} 
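Review bot: The `pull_request_target:` trigger in the pr-assign-author.yml hunk loses its inline justification, and the reusable workflow is now pinned to `1b673f36fad86812f538c1df9794904038a23cbf` with no version comment, so a reader cannot tell why the trigger is acceptable or which release that SHA is. The job is granted `pull-requests: write` and this trigger runs in the base repository's context, which is why the reasoning belongs next to it. I would keep a plain comment such as `# pull_request_target is acceptable here: the called workflow does not check out PR code` (to be confirmed against the called workflow, which is not visible here) and add `# <release tag of this commit>` after the SHA.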
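Review bot: `source: .` ends up under the `with:` of the `Upload coverage` step in the second test.yml hunk, while the `Test` step keeps only `targets: test`. `source` is an input of docker/bake-action, and as far as I know codecov-action does not define it, so it would be ignored there and bake would use its default source rather than the checked-out tree. If the move is unintended, `source: .` belongs back under the `Test` step. Separately, this step passes `secrets.CODECOV_TOKEN` to `codecov/codecov-action@v5`, a movable tag, so whatever that tag points to at run time receives the token.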
diff --git a/.github/workflows/update-dist.yml b/.github/workflows/update-dist.yml index 8b57b08..744588f 100644 --- a/.github/workflows/update-dist.yml +++ b/.github/workflows/update-dist.yml @@ -1,12 +1,5 @@ name: update-dist -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - on: pull_request: types: @@ -15,27 +8,27 @@ on: jobs: update-dist: - if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name + if: github.actor == 'dependabot[bot]' runs-on: ubuntu-latest steps: - name: GitHub auth token from GitHub App id: docker-read-app - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }} private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }} owner: docker - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 0 - token: ${{ steps.docker-read-app.outputs.token }} + token: ${{ steps.docker-read-app.outputs.token || github.token }} - name: Build - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: source: . targets: build diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 2657986..ae6f92e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,8 +1,5 @@ name: validate -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true 
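Review bot: The job condition `if: github.actor == 'dependabot[bot]'` in the second update-dist.yml hunk is a weaker gate than the one it replaces: `github.actor` names whoever triggered the current run rather than the author of the pull request, and the check that the head branch lives in this repository is gone. This job mints a GitHub App token from the `GHACTIONS_REPO_WRITE_APP_*` secrets, checks out the PR head ref and builds it, so the gate decides whose code runs next to a write-capable credential. I would keep `if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name`. The new `|| github.token` fallback on the checkout `token:` also hides a failed app-token step, and with the workflow-level `permissions:` block removed, the fallback token's scope is whatever the repository default is.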
@@ -18,15 +15,15 @@ jobs: prepare: runs-on: ubuntu-latest outputs: - matrix: ${{ steps.generate.outputs.matrix }} + targets: ${{ steps.generate.outputs.targets }} steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - - name: Generate matrix + name: List targets id: generate - uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action/subaction/list-targets@v6 with: target: validate @@ -37,10 +34,10 @@ jobs: strategy: fail-fast: false matrix: - include: ${{ fromJson(needs.prepare.outputs.matrix) }} + target: ${{ fromJson(needs.prepare.outputs.targets) }} steps: - name: Validate - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: targets: ${{ matrix.target }} diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml deleted file mode 100644 index a485e93..0000000 --- a/.github/workflows/zizmor.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: zizmor - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -on: - workflow_dispatch: - push: - branches: - - 'master' - - 'releases/v*' - tags: - - 'v*' - pull_request: - -jobs: - zizmor: - uses: crazy-max/.github/.github/workflows/zizmor.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0 - permissions: - contents: read - security-events: write - with: - min-severity: medium - min-confidence: medium - persona: pedantic diff --git a/.github/zizmor.yml b/.github/zizmor.yml deleted file mode 100644 index 6415720..0000000 --- a/.github/zizmor.yml +++ /dev/null @@ -1,3 +0,0 @@ -rules: - secrets-outside-env: # FIXME: remove this rule when zizmor 1.24.0 is released, fixing the right persona attached to this rule: https://github.com/zizmorcore/zizmor/pull/1783 - disable: true diff --git a/README.md b/README.md index 80a64ed..f15b813 100644 --- a/README.md 
+++ b/README.md @@ -52,7 +52,7 @@ jobs: steps: - name: Set up Docker - uses: docker/setup-docker-action@v5 + uses: docker/setup-docker-action@v4 ``` ### Daemon configuration @@ -74,7 +74,7 @@ jobs: steps: - name: Set up Docker - uses: docker/setup-docker-action@v5 + uses: docker/setup-docker-action@v4 with: daemon-config: | { @@ -102,7 +102,7 @@ jobs: steps: - name: Set up Docker - uses: docker/setup-docker-action@v5 + uses: docker/setup-docker-action@v4 env: LIMA_START_ARGS: --cpus 4 --memory 8 ```