localstack
diff --git a/‎.github/actions/set-version/action.yml‎
Lines changed: 8 additions & 2 deletions b/‎.github/actions/set-version/action.yml‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 12 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 41 additions & 21 deletions b/‎.github/workflows/build.yml‎
Lines changed: 41 additions & 21 deletions
diff --git a/‎.github/workflows/dependabot-auto-merge.yml‎
Lines changed: 2 additions & 5 deletions b/‎.github/workflows/dependabot-auto-merge.yml‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎.github/workflows/pull-request-lint.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/pull-request-lint.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 49 additions & 27 deletions b/‎.github/workflows/release.yml‎
Lines changed: 49 additions & 27 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 2 additions & 2 deletions b/‎CONTRIBUTING.md‎
Lines changed: 2 additions & 2 deletions
@@ -1,10 +1,16 @@
 name: 'Set Version from Branch'
-description: 'Sets VERSION environment variable from the current branch name'
+description: 'Sets VERSION output from the current branch name'
+
+outputs:
+  version:
+    description: 'The version extracted from the branch name'
+    value: ${{ steps.set-version.outputs.version }}
 
 runs:
   using: composite
   steps:
     - name: Set version from branch name
+      id: set-version
       shell: bash
       run: |
         # GITHUB_HEAD_REF contains the source branch for PRs (e.g., "v1.2.5"), but is empty for pushes
@@ -30,5 +36,5 @@ runs:
           exit 1
         fi
 
-        echo "VERSION=$VERSION" >> $GITHUB_ENV
+        echo "version=$VERSION" >> $GITHUB_OUTPUT
         echo "Using version: $VERSION (from branch: $BRANCH_NAME)"
@@ -10,8 +10,20 @@ updates:
       - dependency-name: "*"
         update-types:
           - "version-update:semver-major"
+    cooldown:
+      default-days: 7
     groups:
       minor-patch:
         update-types:
           - "minor"
           - "patch"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    cooldown:
+      default-days: 7
+    commit-message:
+      prefix: "chore(ci)"
@@ -14,78 +14,98 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        with:
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          cache: npm
+          cache: pnpm
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install --frozen-lockfile
 
       - name: Format
-        run: npx biome ci .
+        run: pnpm biome ci .
 
   lint:
     name: Lint
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        with:
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          cache: npm
+          cache: pnpm
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install --frozen-lockfile
 
       - name: Lint
-        run: npx eslint
+        run: pnpm eslint
 
   type-check:
     name: Type Check
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        with:
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          cache: npm
+          cache: pnpm
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install --frozen-lockfile
 
       - name: Type check
-        run: npx tsc
+        run: pnpm tsc
 
   test:
     name: Test
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        with:
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          cache: npm
+          cache: pnpm
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install --frozen-lockfile
 
       - name: Compile
-        run: npx vsce package
+        run: pnpm vsce package
         env:
           LOCALSTACK_WEB_AUTH_REDIRECT: https://app.localstack.cloud/redirect
           NODE_ENV: ci
 
       - name: Test
-        run: xvfb-run -a npx vscode-test
+        run: xvfb-run -a pnpm vscode-test
@@ -1,7 +1,7 @@
 name: Auto merge Dependabot pull requests
 
 on:
-  pull_request_target:
+  pull_request:
     types:
       - labeled
       - opened
@@ -17,11 +17,8 @@ jobs:
   auto-merge:
     name: Auto merge Dependabot pull requests
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
       - name: Approve
         run: gh pr review "$PR_NUMBER" --approve
         env:
 
@@ -10,7 +10,7 @@ jobs:
     permissions:
       pull-requests: read
     steps:
-      - uses: amannn/action-semantic-pull-request@v6
+      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
 
@@ -5,10 +5,7 @@ on:
     branches:
       - main
 
-permissions:
-  contents: write
-  issues: write
-  pull-requests: write
+permissions: {}
 
 concurrency:
   group: release
@@ -18,37 +15,48 @@ jobs:
   test:
     name: Test
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        with:
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          cache: npm
+          cache: pnpm
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install --frozen-lockfile
 
       - name: Compile
-        run: npx vsce package
+        run: pnpm vsce package
         env:
           LOCALSTACK_WEB_AUTH_REDIRECT: https://app.localstack.cloud/redirect
           NODE_ENV: ci
 
       - name: Test
-        run: xvfb-run -a npx vscode-test
+        run: xvfb-run -a pnpm vscode-test
 
   release:
     name: Release
     runs-on: ubuntu-latest
     needs: test
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
     outputs:
       release_created: ${{ steps.release.outputs.release_created }}
       tag_name: ${{ steps.release.outputs.tag_name }}
       version: ${{ steps.release.outputs.version }}
     steps:
-      - uses: googleapis/release-please-action@v4
+      - uses: googleapis/release-please-action@5c625bfb5d1ff62eadeeb3772007f7f66fdcf071 # v4.4.1
         id: release
         with:
           release-type: node
@@ -58,27 +66,34 @@ jobs:
     runs-on: ubuntu-latest
     needs: release
     if: ${{ needs.release.outputs.release_created == 'true' }}
+    permissions:
+      contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        with:
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          cache: npm
+          cache: pnpm
 
       - name: Install dependencies
-        run: npm ci
+        run: pnpm install --frozen-lockfile
 
       - name: Build VSIX
-        run: npx vsce package
+        run: pnpm vsce package
         env:
           LOCALSTACK_WEB_AUTH_REDIRECT: https://app.localstack.cloud/redirect
           NODE_ENV: production
           ANALYTICS_API_URL: https://analytics.localstack.cloud/v1/events
 
       - name: Upload VSIX artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: vsix
           path: "*.vsix"
@@ -88,39 +103,45 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build, release]
     if: ${{ needs.release.outputs.release_created == 'true' }}
+    permissions:
+      contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+        with:
+          persist-credentials: false
 
       - name: Download VSIX
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
         with:
           name: vsix
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
 
       - name: Upload Release Artifact
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh release upload ${{ needs.release.outputs.tag_name }} *.vsix
+          NEEDS_RELEASE_OUTPUTS_TAG_NAME: ${{ needs.release.outputs.tag_name }}
+        run: gh release upload ${NEEDS_RELEASE_OUTPUTS_TAG_NAME} *.vsix
 
   publish-vscode-marketplace:
     name: Publish to VS Marketplace
     runs-on: ubuntu-latest
     needs: [build, release]
     if: ${{ needs.release.outputs.release_created == 'true' }}
+    permissions: {}
     steps:
       - name: Download VSIX
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
         with:
           name: vsix
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
 
       - name: Publish to VS Marketplace
-        run: npx @vscode/vsce publish --packagePath *.vsix
+        run: pnpm dlx @vscode/vsce publish --packagePath *.vsix
         env:
           VSCE_PAT: ${{ secrets.VSCE_PAT }}
 
@@ -129,16 +150,17 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build, release]
     if: ${{ needs.release.outputs.release_created == 'true' }}
+    permissions: {}
     steps:
       - name: Download VSIX
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
         with:
           name: vsix
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
 
       - name: Publish to Open VSX
-        run: npx ovsx publish *.vsix -p $OVSX_PAT
+        run: pnpm dlx ovsx publish *.vsix -p $OVSX_PAT
         env:
           OVSX_PAT: ${{ secrets.OVSX_PAT }}
@@ -3,7 +3,7 @@
 ## Installation
 
 ```sh
-npm install
+pnpm install
 ```
 
 ## Configuration
@@ -26,7 +26,7 @@ To update the extension after making code changes, you need to regenerate the VS
 Run the following command in your project directory:
 
 ```sh
-npx vsce package
+pnpm vsce package
 ```
 
 This will build a new `.vsix` file in the directory (localstack-x.x.1.vsix).