diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index b1d9c0f..a6e69e7 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -2,17 +2,22 @@ name: Run codecov on: push: - branches: [main] + branches: + - main pull_request: jobs: run: runs-on: ubuntu-latest timeout-minutes: 5 + permissions: + contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: 3.12 - name: Install dependencies @@ -24,7 +29,7 @@ jobs: run: | pytest --cov=./slack_cli_hooks/ --cov-report=xml - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true @@ -38,9 +43,11 @@ jobs: timeout-minutes: 5 steps: - name: Setup repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Report health score - uses: slackapi/slack-health-score@v0 + uses: slackapi/slack-health-score@d58a419f15cdaff97e9aa7f09f95772830ab66f7 # v0.1.1 with: codecov_token: ${{ secrets.FILS_CODECOV_API_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/flake8.yml b/.github/workflows/flake8.yml index 1ede258..b8f4a32 100644 --- a/.github/workflows/flake8.yml +++ b/.github/workflows/flake8.yml @@ -2,7 +2,8 @@ name: Run flake8 validation on: push: - branches: [main] + branches: + - main pull_request: jobs: 
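Review bot: Nothing in this change keeps the new commit pins current: each `uses:` line in codecov.yml's first hunk now names a full SHA with the release only in a trailing comment (`# v4.2.2`, `# v5.6.0`), and a comment is not checked against the commit it sits beside. A pinned action receives no upstream fixes until someone edits the hash, so an updater is worth adding alongside the pins; Dependabot's `github-actions` ecosystem rewrites the SHA and the version comment together. No such configuration is visible in this diff, though one may already exist in the repository. The same applies to the pinned `uses:` lines in the other codecov.yml hunks and in flake8.yml, mypy.yml, release.yml, tests.yml and triage-issues.yml.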
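Review bot: The job that runs `Report health score` in codecov.yml (hunk `@@ -38,9 +43,11 @@`) gets no `permissions:` block in the lines shown, although it passes `secrets.GITHUB_TOKEN` to the `slackapi/slack-health-score` action. The `run` job in the same file was given `permissions: contents: read`, and the file's first hunk shows no workflow-level default between `on:` and `jobs:`, so this job's token would keep the repository's default scopes. The job header sits above the hunk, so a block may already exist there. If it does not, add one between `timeout-minutes: 5` and `steps:` listing only the scopes the action documents, starting from `contents: read`.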
@@ -12,10 +13,14 @@ jobs: strategy: matrix: python-version: ["3.12"] + permissions: + contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ matrix.python-version }} - name: Run flake8 verification diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml index c3a86eb..e9377a7 100644 --- a/.github/workflows/mypy.yml +++ b/.github/workflows/mypy.yml @@ -2,7 +2,8 @@ name: Run mypy validation on: push: - branches: [main] + branches: + - main pull_request: jobs: @@ -12,10 +13,14 @@ jobs: strategy: matrix: python-version: ["3.12"] + permissions: + contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ matrix.python-version }} - name: Run mypy verification diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 06a5a99..6e812a3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,15 +2,20 @@ name: Upload A Release To Pypi on: release: - types: [published] + types: + - published jobs: deploy: runs-on: ubuntu-latest + permissions: + contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: "3.x" - name: Install dependencies 
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e61038c..0225890 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -2,7 +2,8 @@ name: Run all the unit tests on: push: - branches: [main] + branches: + - main pull_request: jobs: @@ -12,10 +13,14 @@ jobs: strategy: matrix: python-version: ["3.9", "3.10", "3.11", "3.12", "pypy3.10"] + permissions: + contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ matrix.python-version }} - name: Install dependencies diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml index cc360f2..b37c134 100644 --- a/.github/workflows/triage-issues.yml +++ b/.github/workflows/triage-issues.yml @@ -9,15 +9,14 @@ on: schedule: - cron: "0 0 * * 1" -permissions: - issues: write - pull-requests: write - jobs: stale: runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: days-before-issue-stale: 30 days-before-issue-close: 10
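Review bot: Moving `permissions:` from the workflow level into the `stale` job leaves triage-issues.yml with no workflow-level default, so a job added later without its own block falls back to the repository's default token scopes. Keeping a deny-all default above `jobs:`, written as `permissions: {}`, alongside the job-level grant preserves the narrowing this commit is after. The first hunks of codecov.yml, flake8.yml, mypy.yml, release.yml and tests.yml likewise show no top-level block between `on:` and `jobs:`, so the same line would fit there. The top of triage-issues.yml is outside the hunk, so only part of its trigger list is visible here.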