From f9b51f25cd422876ac9b422a4995b7c6792d622f Mon Sep 17 00:00:00 2001 From: Leonardo Uieda Date: Fri, 16 Feb 2024 15:26:55 -0300 Subject: [PATCH 1/4] Use Dependabot to manage GitHub Actions The bot will open PRs to update versions of the Actions we use. Use version numbers instead of commits to make this easier. --- .github/dependabot.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..6cd016a1 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" From 5ed9d93befe95f9e021cbb020d5c3d042aeaa661 Mon Sep 17 00:00:00 2001 From: Leonardo Uieda Date: Fri, 16 Feb 2024 15:30:22 -0300 Subject: [PATCH 2/4] Update docs.yml Don't use commit hashes --- .github/workflows/docs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 81cef792..a0e1419b 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -36,7 +36,7 @@ jobs: # We pin the commit hash corresponding to v0.5.0, and not pinning the tag # because we are giving full access through the github.token. - name: Cancel Previous Runs - uses: styfle/cancel-workflow-action@148d9a848c6acaf90a3ec30bc5062f646f8a4163 + uses: styfle/cancel-workflow-action@0.12.1 with: access_token: ${{ github.token }} @@ -137,7 +137,7 @@ jobs: path: doc/_build/html - name: Checkout the gh-pages branch in a separate folder - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@v3 with: ref: gh-pages # Checkout to this folder instead of the current one From 014223b459689021ff7abaf0e9a2be60bbfa7ceb Mon Sep 17 00:00:00 2001 From: Leonardo Uieda Date: Fri, 16 Feb 2024 15:32:47 -0300 Subject: [PATCH 3/4] Update pypi.yml --- .github/workflows/pypi.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml index 11fb69d9..59ee0d5f 100644 --- a/.github/workflows/pypi.yml +++ b/.github/workflows/pypi.yml @@ -110,7 +110,7 @@ jobs: - name: Publish to Test PyPI # Only publish to TestPyPI when a PR is merged (pushed to main) if: success() && github.event_name == 'push' - uses: pypa/gh-action-pypi-publish@bce3b74dbf8cc32833ffba9d15f83425c1a736e0 + uses: pypa/gh-action-pypi-publish@v1.8.11 with: user: __token__ password: ${{ secrets.TEST_PYPI_TOKEN}} @@ -122,7 +122,7 @@ jobs: - name: Publish to PyPI # Only publish to PyPI when a release triggers the build if: success() && github.event_name == 'release' - uses: pypa/gh-action-pypi-publish@bce3b74dbf8cc32833ffba9d15f83425c1a736e0 + uses: pypa/gh-action-pypi-publish@v1.8.11 with: user: __token__ password: ${{ secrets.PYPI_TOKEN}} From 89030e82a1d17e0bb5ee83dc8408209a7e3b3ab8 Mon Sep 17 00:00:00 2001 From: Leonardo Uieda Date: Fri, 16 Feb 2024 15:34:36 -0300 Subject: [PATCH 4/4] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f3cd287f..956308c1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -62,7 +62,7 @@ jobs: # We pin the commit hash corresponding to v0.5.0, and not pinning the tag # because we are giving full access through the github.token. - name: Cancel Previous Runs - uses: styfle/cancel-workflow-action@148d9a848c6acaf90a3ec30bc5062f646f8a4163 + uses: styfle/cancel-workflow-action@0.12.1 with: access_token: ${{ github.token }}