From ddc34384e9f725bc6bba8d5d4e18191e393cda92 Mon Sep 17 00:00:00 2001
From: John Boyes
Date: Mon, 10 Aug 2020 14:36:11 +0700
Subject: [PATCH] Update dependencies in GitHub Actions automatically (#25)
* Use pinned versions in GitHub Actions we consume
To help ensure that our builds are idempotent and reproducible.
* Keep actions dependencies up to date automatically
Using [Dependabot for this][1]
[1]: https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot
---
 .github/dependabot.yml | 11 +++++++++++
 .github/workflows/check_semver_labels.yml | 2 +-
 .github/workflows/github_tag_and_release.yml | 6 +++---
 .github/workflows/reviewdog.yml | 20 ++++++++++----------
 .github/workflows/tests.yml | 14 +++++++-------
 5 files changed, 32 insertions(+), 21 deletions(-)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..41d75b1
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+---
+# Set update schedule for GitHub Actions
+
+version: 2
+updates:
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ # Check for updates to GitHub Actions every weekday
+ interval: "daily"
diff --git a/.github/workflows/check_semver_labels.yml b/.github/workflows/check_semver_labels.yml
index 1fe797b..733ed2e 100644
--- a/.github/workflows/check_semver_labels.yml
+++ b/.github/workflows/check_semver_labels.yml
@@ -15,7 +15,7 @@ jobs:
 name: Check for semantic version label
 runs-on: ubuntu-latest
 steps:
- - uses: docker://agilepathway/pull-request-label-checker:latest
+ - uses: docker://agilepathway/pull-request-label-checker:v1.0.8
 with:
 one_of: major,minor,patch
 repo_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/github_tag_and_release.yml b/.github/workflows/github_tag_and_release.yml
index b4ffb29..401c679 100644
--- a/.github/workflows/github_tag_and_release.yml
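Review bot: In `.github/workflows/check_semver_labels.yml`, `docker://agilepathway/pull-request-label-checker:v1.0.8` is still a mutable reference, because a registry tag can be re-pointed at a different image, and this step is handed `repo_token: ${{ secrets.GITHUB_TOKEN }}`. For the reproducibility the commit message aims at, reference the image by digest, `uses: docker://agilepathway/pull-request-label-checker@sha256:<digest-of-v1.0.8>`, and keep the version in a trailing comment. The same applies to the `@vX.Y.Z` Git tags introduced in the other workflow files of this patch (`actions/checkout@v2.3.2`, `actions/setup-go@v2.1.1`, `goreleaser/goreleaser-action@v2.1.1` and the `reviewdog/action-*` references), since only a full-length commit SHA is immutable: `uses: actions/checkout@<full-commit-sha> # v2.3.2`. The rest of this job lies outside the hunk.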
+++ b/.github/workflows/github_tag_and_release.yml
@@ -27,17 +27,17 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v2.3.2
 with:
 fetch-depth: 0
 - name: Set up Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v2.1.1
 with:
 go-version: 1.14
 - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v2
+ uses: goreleaser/goreleaser-action@v2.1.1
 with:
 version: latest
 args: release --rm-dist
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
index c9ab0d8..9bdcbd0 100644
--- a/.github/workflows/reviewdog.yml
+++ b/.github/workflows/reviewdog.yml
@@ -10,9 +10,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check out code
- uses: actions/checkout@v2
+ uses: actions/checkout@v2.3.2
 - name: hadolint
- uses: reviewdog/action-hadolint@v1
+ uses: reviewdog/action-hadolint@v1.6.0
 with:
 github_token: ${{ secrets.github_token }}
 reporter: github-check
@@ -21,9 +21,9 @@ jobs:
 name: runner / yamllint
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: yamllint
- uses: reviewdog/action-yamllint@v1
+ uses: reviewdog/action-yamllint@v1.1.0
 with:
 github_token: ${{ secrets.github_token }}
 reporter: github-check
@@ -32,9 +32,9 @@ jobs:
 name: runner / shellcheck
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: shellcheck
- uses: reviewdog/action-shellcheck@v1
+ uses: reviewdog/action-shellcheck@v1.4.0
 with:
 github_token: ${{ secrets.github_token }}
 reporter: github-check
@@ -46,8 +46,8 @@ jobs:
 name: runner / misspell
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
- - uses: reviewdog/action-misspell@v1
+ - uses: actions/checkout@v2.3.2
+ - uses: reviewdog/action-misspell@v1.5.0
 with:
 github_token: ${{ secrets.github_token }}
 reporter: github-check
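Review bot: In `.github/workflows/github_tag_and_release.yml`, the `Run GoReleaser` step keeps `version: latest` in its `with:` block, so the release job still runs whichever GoReleaser build is newest at run time even though the action itself is now pinned to `v2.1.1`. That leaves the release build non-reproducible, and because `version:` is an action input rather than a `uses:` reference, the Dependabot `github-actions` configuration added in this patch will presumably not maintain it. Pin it explicitly, e.g. `version: <pinned-goreleaser-version>`, and bump it deliberately. The remainder of the step lies outside the hunk, so what credentials it receives is not visible here.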
@@ -56,8 +56,8 @@ jobs:
 name: runner / languagetool
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
- - uses: reviewdog/action-languagetool@v1
+ - uses: actions/checkout@v2.3.2
+ - uses: reviewdog/action-languagetool@v1.3.0
 with:
 github_token: ${{ secrets.github_token }}
 reporter: github-check
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index cd45814..68c4316 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -15,7 +15,7 @@ jobs:
 name: Install latest version by default
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: Install Hoverfly
 uses: ./
 with:
@@ -34,7 +34,7 @@ jobs:
 env:
 HOVERFLY_VERSION: v1.2.0
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: Install Hoverfly
 uses: ./
 with:
@@ -52,7 +52,7 @@ jobs:
 env:
 HOVERFLY_VERSION: "1.2.0"
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: Install Hoverfly
 uses: ./
 with:
@@ -68,7 +68,7 @@ jobs:
 name: Install fails when no runner GitHub workspace path provided
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: Install Hoverfly
 uses: ./
 - name: Assert Hoverfly not installed
@@ -81,7 +81,7 @@ jobs:
 name: Install fails when incorrect runner GitHub workspace path provided
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: Install Hoverfly
 uses: ./
 with: # Invalid runner_github_workspace_path (must be {{ github.workspace}})
@@ -96,7 +96,7 @@ jobs:
 name: Enable https simulations
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: Install Hoverfly
 uses: ./
 with:
@@ -117,7 +117,7 @@ jobs:
 name: Verify https simulations will not work without script
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v2.3.2
 - name: Install Hoverfly
 uses: ./
 with: