From df44370ee524eff8f5c18948b3f353d98fd7f336 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Thu, 30 Apr 2026 23:51:46 +0100 Subject: [PATCH] GitHub Actions: Update config --- .github/dependabot.yml | 4 ++- .github/release-drafter.yml | 1 - .github/workflows/dependabot-auto-merge.yml | 31 +++++++++++----- .github/workflows/lint-actions.yml | 28 +++++++++++++++ .github/workflows/publish.yml | 17 --------- .github/workflows/release-drafter.yml | 8 ++--- .github/workflows/test.yml | 24 ++++++++----- README.md | 40 ++++++++++++--------- 8 files changed, 94 insertions(+), 59 deletions(-) delete mode 100644 .github/release-drafter.yml create mode 100644 .github/workflows/lint-actions.yml delete mode 100644 .github/workflows/publish.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bc9a4d5..2c1c7fe 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,4 +4,6 @@ updates: - package-ecosystem: github-actions directory: / schedule: - interval: weekly + interval: daily + cooldown: + default-days: 3 diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml deleted file mode 100644 index 0d0b1c9..0000000 --- a/.github/release-drafter.yml +++ /dev/null @@ -1 +0,0 @@ -_extends: .github diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 9b2bc67..1ad4372 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -1,3 +1,5 @@ +# Taken from https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enabling-automerge-on-a-pull-request +# and https://github.com/dependabot/fetch-metadata/blob/06ea45a2e4582d87b11f03c7ce596ae3261f39f6/README.md?plain=1#L133-L160 name: Dependabot Auto-merge on: 
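Review bot: In `.github/dependabot.yml` the new `cooldown:` block has no comment saying why it is there, although it is the only delay in front of the auto-merge workflow that this commit also rewrites. A line above it such as `# Hold new releases for 3 days before opening a PR, because minor and patch updates are auto-merged` would record the intent. As far as I know the cooldown applies to version updates only and not to Dependabot security updates, so those would still be proposed immediately; this is worth confirming against the Dependabot documentation.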
@@ -9,14 +11,25 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true -permissions: {} +permissions: + contents: write + pull-requests: write jobs: - dependabot: - permissions: - contents: write - pull-requests: write - uses: typisttech/.github/.github/workflows/dependabot-auto-merge.yml@v3 - with: - minor: true - patch: true + auto-merge-pull-request: + runs-on: ubuntu-latest + if: github.event.pull_request.user.login == 'dependabot[bot]' + steps: + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - if: | + (steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor') + || (steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch') + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/lint-actions.yml b/.github/workflows/lint-actions.yml new file mode 100644 index 0000000..3332885 --- /dev/null +++ b/.github/workflows/lint-actions.yml @@ -0,0 +1,28 @@ +# Taken from https://github.com/typisttech/.github/blob/8c3b859e35165a6e81a660713be195ec61d2ca1d/.github/workflows/lint-actions.yml +name: Lint GitHub Actions + +on: + pull_request: + branches: + - main + push: + branches: + - main + workflow_call: + +permissions: + contents: read + +jobs: + actionlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + sparse-checkout: .github + + - name: Check workflow files + uses: docker://rhysd/actionlint:latest + with: + args: -color diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index cbf37ca..0000000 --- a/.github/workflows/publish.yml +++ /dev/null 
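Review bot: In `.github/workflows/dependabot-auto-merge.yml` the write scopes moved from the job to the workflow level and replaced the top-level `permissions: {}`, so any job added to this file later inherits `contents: write` and `pull-requests: write` by default. Keeping `permissions: {}` at the top and placing the two grants under `auto-merge-pull-request:` would preserve the previous least-privilege layout. The `on:` trigger is outside the hunk, so the event that supplies the token is not visible here. `gh pr merge --auto` waits only for the requirements configured on the target branch; if `main` has no required status checks the merge may complete right away, so that repository setting is worth confirming.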
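Review bot: `uses: docker://rhysd/actionlint:latest` in the new `.github/workflows/lint-actions.yml` is the one reference in this commit that is not pinned to an immutable identifier, while every other `uses:` received a commit SHA. A `latest` image tag can change between runs, so the lint job is not reproducible and executes whatever is currently published under that tag. Pinning by digest, `uses: docker://rhysd/actionlint@sha256:<digest-of-the-reviewed-image>` (the digest is a placeholder), would bring it in line with the rest. The job already limits exposure with `contents: read` and `persist-credentials: false`.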
@@ -1,17 +0,0 @@ -name: Publish - -on: - release: - types: - - published - -jobs: - publish: - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - uses: actions/checkout@v6 - - uses: actions/publish-action@v0.4.0 - with: - source-tag: ${{ github.ref_name }} diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index e7ce716..8ec2df9 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -1,17 +1,15 @@ name: Release Drafter on: - workflow_dispatch: push: branches: - main + workflow_call: concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true -permissions: {} - jobs: release-drafter: runs-on: ubuntu-latest @@ -19,6 +17,4 @@ jobs: contents: write pull-requests: read steps: - - uses: release-drafter/release-drafter@v6 - env: - GITHUB_TOKEN: ${{ github.token }} + - uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7.2.1 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f2a66c4..26c9d83 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -40,7 +40,7 @@ jobs: - caret-7-3 - exactly-7-3-5 - complex - verify-attestation: + verify-attestation: - false include: - runs-on: ubuntu-24.04-arm @@ -68,14 +68,19 @@ jobs: case: complex verify-attestation: true steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false path: local-action - name: Create fake composer.json run: | - mkdir -p $(dirname ${{ matrix.composer-json }}) - cp local-action/testdata/${{ matrix.case }}.composer.json ${{ matrix.composer-json }} + DIR=$(dirname "$COMPOSER_JSON") + mkdir -p "${DIR}" + cp "local-action/testdata/${CASE}.composer.json" "${COMPOSER_JSON}" + env: + COMPOSER_JSON: ${{ matrix.composer-json }} + CASE: ${{ matrix.case }} - uses: ./local-action id: subject 
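Review bot: The first hunk of `.github/workflows/release-drafter.yml` drops the top-level `permissions: {}`, so a job without its own `permissions:` block would fall back to the repository's default token permissions. The `release-drafter` job still declares `contents: write` and `pull-requests: read`, so nothing changes today, but restoring `permissions: {}` keeps the deny-by-default baseline, more so now that the file is callable through `workflow_call`. The second hunk removes the explicit `GITHUB_TOKEN` env; I assume the new major version takes the token from its default input, which is worth confirming. It is also not visible here where the action finds its configuration once `.github/release-drafter.yml` is deleted by this commit.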
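Review bot: The rewritten `Create fake composer.json` step in `.github/workflows/test.yml` has no comment explaining why the matrix values now go through `env:`, so a later edit could put `${{ matrix.case }}` back into the script. A comment above `run:` such as `# Matrix values are passed via env so they are never expanded into the shell script text` would record the reason. A step with the same name appears as trailing context of the `@@ -147,8 +153,9 @@` hunk with its body outside the diff; if it still expands `${{ matrix.* }}` inside `run:`, it should get the same treatment. Writing `dirname -- "$COMPOSER_JSON"` and `mkdir -p -- "${DIR}"` would also keep a path beginning with `-` from being read as an option.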
@@ -100,8 +105,9 @@ jobs: outputs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false path: local-action - uses: ./local-action @@ -147,8 +153,9 @@ jobs: - missing-php - missing-require steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false path: local-action - name: Create fake composer.json @@ -169,7 +176,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - mode: + mode: - minor-only - full source: @@ -177,8 +184,9 @@ jobs: - php.net - offline steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false path: local-action - name: Ensure no composer.json diff --git a/README.md b/README.md index bc323b3..2680e69 100644 --- a/README.md +++ b/README.md @@ -38,13 +38,13 @@ See [action.yml](action.yml) and the underlying script [`typisttech/php-matrix`](https://github.com/typisttech/php-matrix/#options). ```yaml - - uses: typisttech/php-matrix-action@v2 + - uses: typisttech/php-matrix-action@ee26ae37ffb37246b9a3912b71d95b661ad341b8 # v2.0.8 with: # Path to composer.json # # Default: composer.json composer-json: some/path/to/composer.json - + # Version format. # # Available modes: @@ -68,9 +68,9 @@ See [action.yml](action.yml) and the underlying script [`typisttech/php-matrix`] source: offline # PHP Matrix version. - # + # # The version of [php-matrix] to use. Leave blank for latest. For example: v1.0.2 - # + # # [php-matrix]: https://github.com/typisttech/php-matrix # # Default: '' 
@@ -124,12 +124,13 @@ jobs: outputs: versions: ${{ steps.php-matrix.outputs.versions }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: sparse-checkout: composer.json sparse-checkout-cone-mode: false + persist-credentials: false - - uses: typisttech/php-matrix-action@v2 + - uses: typisttech/php-matrix-action@ee26ae37ffb37246b9a3912b71d95b661ad341b8 # v2.0.8 id: php-matrix test: @@ -139,8 +140,10 @@ jobs: matrix: php-version: ${{ fromJSON(needs.php-matrix.outputs.versions) }} steps: - - uses: actions/checkout@v5 - - uses: shivammathur/setup-php@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # master with: php-version: ${{ matrix.php-version }} - run: composer install @@ -161,12 +164,13 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 - - - uses: typisttech/php-matrix-action@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - uses: typisttech/php-matrix-action@ee26ae37ffb37246b9a3912b71d95b661ad341b8 # v2.0.8 id: php-matrix - - uses: shivammathur/setup-php@v2 + - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # master with: php-version: ${{ steps.php-matrix.outputs.highest }} @@ -192,12 +196,13 @@ jobs: highest: ${{ steps.php-matrix.outputs.highest }} lowest: ${{ steps.php-matrix.outputs.lowest }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: sparse-checkout: composer.json sparse-checkout-cone-mode: false + persist-credentials: false - - uses: typisttech/php-matrix-action@v2 + - uses: typisttech/php-matrix-action@ee26ae37ffb37246b9a3912b71d95b661ad341b8 # v2.0.8 id: php-matrix composer-audit: 
@@ -215,18 +220,19 @@ jobs: env: COMPOSER_NO_AUDIT: 1 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: sparse-checkout: | composer.json composer.lock sparse-checkout-cone-mode: false + persist-credentials: false - - uses: shivammathur/setup-php@v2 + - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # master with: php-version: ${{ matrix.php-version }} coverage: none - - uses: ramsey/composer-install@v3 + - uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 with: dependency-versions: ${{ matrix.dependency-versions }}