
Commit b462229

committed
Update GitHub Actions workflows to use specific versions of actions and add Dependabot configuration (#214)
1 parent a6358f8 commit b462229


8 files changed

+95
-27
lines changed


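--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,33 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+target-branch: "master"
+schedule:
+interval: "weekly"
+day: "sunday"
+labels:
+- "auto update"
+- "infrastructure"
+- "no RN"
+open-pull-requests-limit: 3
+commit-message:
+prefix: "chore"
+include: "scope"
+
+- package-ecosystem: "pip"
+directory: "/"
+target-branch: "master"
+schedule:
+interval: "weekly"
+day: "sunday"
+labels:
+- "auto update"
+- "infrastructure"
+- "no RN"
+open-pull-requests-limit: 3
+commit-message:
+prefix: "chore"
+include: "scope"
+allow:
+- dependency-type: "direct"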
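Review bot: Neither `updates` entry sets a `cooldown`, so a release published shortly before the weekly Sunday run is proposed straight away, and the auto-merge workflow added in this same commit can then merge it with no human review once checks pass. Consider adding a cooldown to both entries, e.g. `cooldown:` with `default-days: 7` (value illustrative), so that newly published versions age before a PR is opened; as far as I know this delays version updates only, not security updates. The `allow: dependency-type: "direct"` filter on the pip entry also leaves transitive dependencies out of version updates, which deserves a one-line comment such as `# transitive pins are not updated by Dependabot; intentional` if that is the intent.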

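--- a/.github/workflows/check_pr_release_notes.yml
+++ b/.github/workflows/check_pr_release_notes.yml
@@ -26,12 +26,12 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- uses: actions/setup-python@v6
+- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
 with:
 python-version: '3.13'
 
 - name: Check presence of release notes in PR description
-uses: AbsaOSS/release-notes-presence-check@v0.4.0
+uses: AbsaOSS/release-notes-presence-check@8e586b26a5e27f899ee8590a5d988fd4780a3dbf
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with: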
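Review bot: The two pinned `uses:` lines carry no trailing version comment, so a reader cannot tell which release each 40-character hash corresponds to, and a later Dependabot bump will show only one opaque hash replacing another. Append the release tag as a comment on each pin, e.g. `uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548  # <release tag>`; Dependabot updates such a comment together with the SHA. The same applies to every pinned action in release_draft.yml, test.yml, update_v1_tag.yml, the new dependabot.yml workflow and both files under examples/. The job body continues outside this hunk.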

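--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,35 @@
+# NOTE: This workflow expects that branch protection rules require all checks to pass before merging.
+# Auto-merge will only occur if all required status checks and reviews are successful.
+
+name: Dependabot auto-approve and auto-merge
+on:
+pull_request:
+types: [opened, synchronize]
+
+permissions:
+contents: write
+pull-requests: write
+
+jobs:
+dependabot:
+name: Auto-approve and auto-merge Dependabot PRs
+runs-on: ubuntu-latest
+if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'AbsaOSS/generate-release-notes'
+steps:
+- name: Dependabot metadata
+id: metadata
+uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b
+with:
+github-token: "${{ secrets.GITHUB_TOKEN }}"
+- name: Approve a PR
+run: gh pr review --approve "$PR_URL"
+env:
+PR_URL: ${{ github.event.pull_request.html_url }}
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+- name: Enable auto-merge for Dependabot PRs
+if: startsWith(steps.metadata.outputs.update-type, 'version-update') || startsWith(steps.metadata.outputs.update-type, 'security')
+run: gh pr merge --auto --squash "$PR_URL"
+continue-on-error: true
+env:
+PR_URL: ${{ github.event.pull_request.html_url }}
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}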
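Review bot: The `Approve a PR` step has no `if:` of its own, so it approves on every `opened` and `synchronize` event regardless of what `dependabot/fetch-metadata` reports, and the job condition checks only `pull_request.user.login`, which stays `dependabot[bot]` when another account later pushes to the PR branch. Add `github.actor == 'dependabot[bot]'` to the job `if:` and gate the approve step on the same `update-type` test as the merge step, so that an approval is only ever given to a revision Dependabot itself produced. That test, `startsWith(steps.metadata.outputs.update-type, 'version-update')`, also matches `version-update:semver-major`, so major bumps of actions and pip packages are auto-merged too; comparing against `version-update:semver-patch` and `version-update:semver-minor` would leave major updates to a human. `continue-on-error: true` on the merge step hides a failed `gh pr merge`, so the run is green even when auto-merge was not enabled. With these gaps, the branch protection assumed in the header comment is the only remaining control, so the comment should name which checks and reviews must be required.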

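--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -29,18 +29,18 @@ jobs:
 release-draft:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v6
+- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
 with:
 fetch-depth: 0
 persist-credentials: false
 
-- uses: actions/setup-python@v6
+- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
 with:
 python-version: '3.13'
 
 - name: Check Format of Received Tag
 id: check-version-tag
-uses: AbsaOSS/version-tag-check@v0.3.0
+uses: AbsaOSS/version-tag-check@36496be76eab24e1f14d45d3b8292311a2aebaaa
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -50,7 +50,7 @@ jobs:
 - name: Check Format of Received From Tag
 if: ${{ github.event.inputs.from-tag-name }}
 id: check-version-from-tag
-uses: AbsaOSS/version-tag-check@v0.3.0
+uses: AbsaOSS/version-tag-check@36496be76eab24e1f14d45d3b8292311a2aebaaa
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -60,7 +60,7 @@ jobs:
 
 - name: Generate Release Notes
 id: generate_release_notes
-uses: AbsaOSS/generate-release-notes@v1
+uses: AbsaOSS/generate-release-notes@B90223510d1704301a36a36f0d86a72a0e72f0cf
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -88,7 +88,7 @@ jobs:
 hierarchy: true
 
 - name: Create and Push Tag
-uses: actions/github-script@v8
+uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
 with:
 script: |
 const tag = core.getInput('tag-name')
@@ -107,7 +107,7 @@ jobs:
 tag-name: ${{ github.event.inputs.tag-name }}
 
 - name: Create Draft Release
-uses: softprops/action-gh-release@v2
+uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with: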
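Review bot: The pin on the `Generate Release Notes` step, `AbsaOSS/generate-release-notes@B90223510d1704301a36a36f0d86a72a0e72f0cf`, starts with an uppercase `B`, unlike every other pin in this commit. Commit SHAs are conventionally written in lowercase hex, and pin-checking tools that match `[0-9a-f]{40}` will probably not recognise this value as a SHA pin; whether the Actions runner resolves it at all should be confirmed with a test run. Change the line to `uses: AbsaOSS/generate-release-notes@b90223510d1704301a36a36f0d86a72a0e72f0cf` after verifying that this commit exists in the action's repository. The same value appears in examples/release_draft.yml.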

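--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -27,12 +27,12 @@ jobs:
 name: Pylint Static Code Analysis
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
 with:
 persist-credentials: false
 
 - name: Set up Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
 with:
 python-version: '3.11'
 cache: 'pip'
@@ -64,12 +64,12 @@ jobs:
 name: Black Format Check
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4.1.5
+uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
 with:
 persist-credentials: false
 
 - name: Set up Python
-uses: actions/setup-python@v5.1.0
+uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
 with:
 python-version: '3.11'
 cache: 'pip'
@@ -92,12 +92,12 @@ jobs:
 shell: bash
 
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
 with:
 fetch-depth: 0
 persist-credentials: false
 
-- uses: actions/setup-python@v5
+- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
 with:
 python-version: '3.11'
 cache: 'pip'
@@ -117,12 +117,12 @@ jobs:
 name: Mypy Type Check
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4.1.5
+uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
 with:
 persist-credentials: false
 
 - name: Set up Python
-uses: actions/setup-python@v5.1.0
+uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
 with:
 python-version: '3.11'
 cache: 'pip'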
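Review bot: These pins are also version changes, which the commit title does not mention: `actions/checkout@v4`/`@v4.1.5` and `actions/setup-python@v5`/`@v5.1.0` are replaced by the same SHAs that replace `@v6` in release_draft.yml, so at least one of the two files moves to a different release. If the SHAs are the v6 commits, all four jobs here take a major upgrade of both actions together with the pinning. Confirm the jump is intended and state it in the commit message, or pin each workflow to the commit of the release it used before and let Dependabot propose the upgrade as its own PR.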

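--- a/.github/workflows/update_v1_tag.yml
+++ b/.github/workflows/update_v1_tag.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repo
-uses: actions/checkout@v4
+uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
 with:
 fetch-depth: 0
 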
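--- a/examples/check_pr_release_notes.yml
+++ b/examples/check_pr_release_notes.yml
@@ -15,12 +15,12 @@ jobs:
 runs-on: {your-runner}
 
 steps:
-- uses: actions/setup-python@v5.1.1
+- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
 with:
 python-version: '3.11'
 
 - name: Check presence of release notes in PR description
-uses: AbsaOSS/release-notes-presence-check@v0.1.0
+uses: AbsaOSS/release-notes-presence-check@8e586b26a5e27f899ee8590a5d988fd4780a3dbf
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with: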
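Review bot: The pins in this example, and in examples/release_draft.yml, will likely go stale, because the `github-actions` entry in the new .github/dependabot.yml uses `directory: "/"`, which as far as I know covers `.github/workflows` and a root `action.yml` but not `examples/`. These files are templates that users copy, so a hash with no version next to it hands them an ageing pin they cannot easily check. Add the release tag as a trailing comment on each `uses:` line and a header comment such as `# Pinned SHAs are examples; re-pin to the commit of the release you intend to use.` so that readers know to refresh them.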

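--- a/examples/release_draft.yml
+++ b/examples/release_draft.yml
@@ -15,18 +15,18 @@ jobs:
 runs-on: {your-runner}
 
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
 with:
 fetch-depth: 0
 persist-credentials: false
 
-- uses: actions/setup-python@v5.1.1
+- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
 with:
 python-version: '3.11'
 
 - name: Check format of received tag
 id: check-version-tag
-uses: AbsaOSS/version-tag-check@v0.3.0
+uses: AbsaOSS/version-tag-check@36496be76eab24e1f14d45d3b8292311a2aebaaa
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -36,7 +36,7 @@ jobs:
 - name: Check format of received from tag
 if: ${{ github.event.inputs.from-tag-name }}
 id: check-version-from-tag
-uses: AbsaOSS/version-tag-check@v0.3.0
+uses: AbsaOSS/version-tag-check@36496be76eab24e1f14d45d3b8292311a2aebaaa
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -46,7 +46,7 @@ jobs:
 
 - name: Generate Release Notes
 id: generate_release_notes
-uses: AbsaOSS/generate-release-notes@v0.6.0
+uses: AbsaOSS/generate-release-notes@B90223510d1704301a36a36f0d86a72a0e72f0cf
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -68,7 +68,7 @@ jobs:
 print-empty-chapters: true
 
 - name: Create and Push Tag
-uses: actions/github-script@v7
+uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
 with:
 script: |
 const tag = core.getInput('tag-name')
@@ -87,7 +87,7 @@ jobs:
 tag-name: ${{ github.event.inputs.tag-name }}
 
 - name: Create Draft Release
-uses: softprops/action-gh-release@v1
+uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with: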
