Skip to content

Commit 487fcec

Browse files
authored
Merge branch 'main' into fix/1674
2 parents 0ae22e7 + 3bc35af commit 487fcec

50 files changed

Lines changed: 1029 additions & 299 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/actions/setup-go/action.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ inputs:
88
runs:
99
using: composite
1010
steps:
11-
- uses: actions/setup-go@v6
11+
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
1212
with:
1313
go-version-file: ${{ inputs.working-directory }}/go.mod
1414
cache-dependency-path: |

.github/actions/setup-php/action.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ inputs:
88
runs:
99
using: composite
1010
steps:
11-
- uses: shivammathur/setup-php@v2
11+
- uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2
1212
with:
1313
php-version: ${{ inputs.php-version }}
1414
ini-file: development

.github/actions/watcher/action.yaml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,14 +11,15 @@ runs:
1111
GH_TOKEN: ${{ github.token }}
1212
- name: Cache e-dant/watcher
1313
id: cache-watcher
14-
uses: actions/cache@v4
14+
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
1515
with:
1616
path: watcher/target
1717
key: watcher-${{ runner.os }}-${{ runner.arch }}-${{ steps.determine-watcher-version.outputs.version }}-${{ env.CC && env.CC || 'gcc' }}
1818
- if: steps.cache-watcher.outputs.cache-hit != 'true'
1919
name: Compile e-dant/watcher
2020
run: |
21-
mkdir watcher
21+
mkdir -p watcher
22+
rm -rf watcher/*
2223
gh release download --repo e-dant/watcher -A tar.gz -O - | tar -xz -C watcher --strip-components 1
2324
cd watcher
2425
cmake -S . -B build -DCMAKE_BUILD_TYPE=Release

.github/workflows/dependabot.yaml

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
name: Dependabot Auto-Merge
2+
on:
3+
pull_request_target:
4+
branches:
5+
- main
6+
permissions: {}
7+
jobs:
8+
auto-merge:
9+
runs-on: ubuntu-latest
10+
environment: dependabot
11+
if: github.event.pull_request.user.login == 'dependabot[bot]'
12+
steps:
13+
# The default GITHUB_TOKEN lacks the `workflows` scope and is refused on
14+
# PRs that touch .github/workflows; use the release app token instead.
15+
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
16+
id: app-token
17+
with:
18+
app-id: ${{ vars.RELEASE_APP_ID }}
19+
private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
20+
permission-contents: write
21+
permission-pull-requests: write
22+
permission-workflows: write
23+
- name: Fetch Dependabot metadata
24+
id: metadata
25+
uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
26+
with:
27+
github-token: ${{ steps.app-token.outputs.token }}
28+
# Only minor and patch GitHub Actions bumps auto-merge; majors and other
29+
# ecosystems wait for a human review.
30+
- name: Auto-merge minor and patch GitHub Actions updates
31+
if: steps.metadata.outputs.package-ecosystem == 'github_actions' && steps.metadata.outputs.update-type != 'version-update:semver-major'
32+
env:
33+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
34+
PR_URL: ${{ github.event.pull_request.html_url }}
35+
run: |
36+
gh pr review --approve "${PR_URL}"
37+
gh pr merge --auto --squash "${PR_URL}"

.github/workflows/docker.yaml

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -52,12 +52,12 @@ jobs:
5252
ref: ${{ steps.check.outputs.ref || (github.ref_type == 'tag' && github.ref_name) || (github.event_name == 'workflow_dispatch' && inputs.version) || '' }}
5353
base_fingerprint: ${{ steps.check.outputs.base_fingerprint }}
5454
steps:
55-
- uses: actions/checkout@v6
55+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5656
with:
5757
fetch-depth: 0
5858
persist-credentials: false
5959
- name: Set up Docker Buildx
60-
uses: docker/setup-buildx-action@v4
60+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
6161
- name: Check PHP versions and base image fingerprint
6262
id: check
6363
env:
@@ -117,23 +117,23 @@ jobs:
117117
run: echo "sanitized_platform=${PLATFORM//\//-}" >> "${GITHUB_OUTPUT}"
118118
env:
119119
PLATFORM: ${{ matrix.platform }}
120-
- uses: actions/checkout@v6
120+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
121121
with:
122122
ref: ${{ needs.prepare.outputs.ref }}
123123
persist-credentials: false
124124
- name: Set up Docker Buildx
125-
uses: docker/setup-buildx-action@v4
125+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
126126
with:
127127
platforms: ${{ matrix.platform }}
128128
- name: Login to DockerHub
129-
uses: docker/login-action@v4
129+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
130130
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
131131
with:
132132
username: ${{ vars.DOCKERHUB_USERNAME }}
133133
password: ${{ secrets.DOCKERHUB_TOKEN }} # zizmor: ignore[secrets-outside-env] TODO: drop once super-linter ships zizmor >=1.24.0, then the allowlist in zizmor.yaml takes over
134134
- name: Build
135135
id: build
136-
uses: docker/bake-action@v7
136+
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
137137
with:
138138
pull: true
139139
load: ${{ !fromJson(needs.prepare.outputs.push) }}
@@ -174,15 +174,15 @@ jobs:
174174
VARIANT: ${{ matrix.variant }}
175175
- name: Upload builder metadata
176176
if: fromJson(needs.prepare.outputs.push)
177-
uses: actions/upload-artifact@v7
177+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
178178
with:
179179
name: metadata-builder-${{ matrix.variant }}-${{ steps.prepare.outputs.sanitized_platform }}
180180
path: /tmp/metadata/builder/*
181181
if-no-files-found: error
182182
retention-days: 1
183183
- name: Upload runner metadata
184184
if: fromJson(needs.prepare.outputs.push)
185-
uses: actions/upload-artifact@v7
185+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
186186
with:
187187
name: metadata-runner-${{ matrix.variant }}-${{ steps.prepare.outputs.sanitized_platform }}
188188
path: /tmp/metadata/runner/*
@@ -221,15 +221,15 @@ jobs:
221221
target: ["builder", "runner"]
222222
steps:
223223
- name: Download metadata
224-
uses: actions/download-artifact@v8
224+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
225225
with:
226226
pattern: metadata-${{ matrix.target }}-${{ matrix.variant }}-*
227227
path: /tmp/metadata
228228
merge-multiple: true
229229
- name: Set up Docker Buildx
230-
uses: docker/setup-buildx-action@v4
230+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
231231
- name: Login to DockerHub
232-
uses: docker/login-action@v4
232+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
233233
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
234234
with:
235235
username: ${{ vars.DOCKERHUB_USERNAME }}
@@ -257,7 +257,7 @@ jobs:
257257
METADATA: ${{ needs.prepare.outputs.metadata }}
258258
TARGET: ${{ matrix.target }}
259259
VARIANT: ${{ matrix.variant }}
260-
- uses: actions/attest@v4
260+
- uses: actions/attest@a1948c3f048ba23858d222213b7c278aabede763 # v4.1.1
261261
with:
262262
# docker.io/ prefix is required: actions/attest splits subject-name
263263
# on the first '/' to find the registry. We only push to Docker Hub.

.github/workflows/lint.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,12 +20,12 @@ jobs:
2020
runs-on: ubuntu-latest
2121
steps:
2222
- name: Checkout Code
23-
uses: actions/checkout@v6
23+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2424
with:
2525
fetch-depth: 0
2626
persist-credentials: false
2727
- name: Lint Code Base
28-
uses: super-linter/super-linter/slim@v8
28+
uses: super-linter/super-linter/slim@4ce20838b8ab83717e78138c5b3a1407148e0918 # v8.7.0
2929
env:
3030
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
3131
LINTER_RULES_PATH: /

0 commit comments

Comments
 (0)