From bcd8bb1829376c4ed0dbe07fbc980866d6d43684 Mon Sep 17 00:00:00 2001 From: Russell Keith-Magee Date: Thu, 11 Jul 2024 10:56:42 +0800 Subject: [PATCH] Pin specific versions of CI actions. --- .github/dependabot.yml | 18 ++++++++++++++++++ .github/workflows/ci.yml | 4 ++-- .github/workflows/publish.yml | 4 ++-- 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..3b302bb793 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,18 @@ + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates on Sunday, 8PM UTC + interval: "weekly" + day: "sunday" + time: "20:00" + + - package-ecosystem: "pip" + directory: "/" + schedule: + # Check for updates on Sunday, 8PM UTC + interval: "weekly" + day: "sunday" + time: "20:00" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fc2017dc5d..b9b1e47709 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,9 +9,9 @@ jobs: runs-on: ubuntu-latest if: contains(github.event.pull_request.labels.*.name, 'preview') steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.7 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v5.1.0 with: python-version: '3.X' - name: Install dependencies diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 70d90ed386..1ed0457346 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -9,9 +9,9 @@ jobs: name: Publish site runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4.1.7 - name: Set up Python - uses: actions/setup-python@v1 + uses: actions/setup-python@v5.1.0 with: python-version: "3.X" - name: Install dependencies