From 0ee5cadb69110d7b31aa3703151f4c1a7ef91a05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Oct 2022 21:10:52 +0000 Subject: [PATCH 01/19] github-actions(deps): bump ergebnis/.github from 1.5.1 to 1.7.0 Bumps ergebnis/.github from 1.5.1 to 1.7.0. --- updated-dependencies: - dependency-name: ergebnis/.github dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/merge.yaml | 8 ++++---- .github/workflows/release.yaml | 2 +- .github/workflows/triage.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml index 18d55b8..ed31553 100644 --- a/.github/workflows/merge.yaml +++ b/.github/workflows/merge.yaml @@ -24,23 +24,23 @@ jobs: steps: - name: "Request review from @ergebnis-bot" - uses: "ergebnis/.github/actions/github/pull-request/request-review@1.5.1" + uses: "ergebnis/.github/actions/github/pull-request/request-review@1.7.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" reviewer: "ergebnis-bot" - name: "Assign @ergebnis-bot" - uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.5.1" + uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.7.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" assignee: "ergebnis-bot" - name: "Approve pull request" - uses: "ergebnis/.github/actions/github/pull-request/approve@1.5.1" + uses: "ergebnis/.github/actions/github/pull-request/approve@1.7.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" - name: "Merge pull request" - uses: "ergebnis/.github/actions/github/pull-request/merge@1.5.1" + uses: "ergebnis/.github/actions/github/pull-request/merge@1.7.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 87f7977..957f35e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -15,6 +15,6 @@ jobs: steps: - name: "Create release" - uses: "ergebnis/.github/actions/github/release/create@1.5.1" + uses: "ergebnis/.github/actions/github/release/create@1.7.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml index 59fa6c4..9448fa2 100644 --- a/.github/workflows/triage.yaml +++ b/.github/workflows/triage.yaml @@ -15,6 +15,6 @@ jobs: steps: - name: "Add labels based on branch name" - uses: "ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name@1.5.1" + uses: "ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name@1.7.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" From e227716baf227c99ea30a44ed2625df6674331a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20M=C3=B6ller?= Date: Mon, 3 Oct 2022 12:42:47 +0200 Subject: [PATCH 02/19] Fix: Add dependabot configuration for recently added composite actions --- .github/dependabot.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9dc98f8..7be0410 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -79,3 +79,36 @@ updates: package-ecosystem: "github-actions" schedule: interval: "daily" + + - commit-message: + include: "scope" + prefix: "github-actions" + directory: "/actions/oh-dear/check/request-run" + labels: + - "dependency" + open-pull-requests-limit: 10 + package-ecosystem: "github-actions" + schedule: + interval: "daily" + + - commit-message: + include: "scope" + prefix: "github-actions" + directory: "/actions/oh-dear/maintenance-period/start" + labels: + - "dependency" + open-pull-requests-limit: 10 + package-ecosystem: "github-actions" + schedule: + interval: "daily" + + - commit-message: + include: "scope" + prefix: "github-actions" + directory: "/actions/oh-dear/maintenance-period/stop" + labels: + - "dependency" + open-pull-requests-limit: 10 + package-ecosystem: "github-actions" + schedule: + interval: "daily" From 4d75f144dcec0e84947f1fda9272aab90ec582b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Oct 2022 22:02:54 +0000 Subject: [PATCH 03/19] github-actions(deps): bump actions/checkout from 3.0.2 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.0.2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/integrate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integrate.yaml b/.github/workflows/integrate.yaml index 3642c95..94e1da2 100644 --- a/.github/workflows/integrate.yaml +++ b/.github/workflows/integrate.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: "Checkout" - uses: "actions/checkout@v3.0.2" + uses: "actions/checkout@v3.1.0" - name: "Lint YAML files" uses: "ibiqlik/action-yamllint@v3.1.0" From 5795b535467a8b79b10f4a06ae04805bf0db3b57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Oct 2022 22:40:53 +0000 Subject: [PATCH 04/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.1 to 6.3.2. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.1...v6.3.2) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/pull-request/add-assignee/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/add-assignee/action.yaml b/actions/github/pull-request/add-assignee/action.yaml index 8d0d8d6..cae641d 100644 --- a/actions/github/pull-request/add-assignee/action.yaml +++ b/actions/github/pull-request/add-assignee/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" with: github-token: "${{ inputs.github-token }}" script: | @@ -44,7 +44,7 @@ runs: core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`); - name: "Add assignee to pull request" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" env: ASSIGNEE: "${{ inputs.assignee }}" with: From bfaa84083de831a46a3dc7244aea8ee5366701dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Oct 2022 22:40:57 +0000 Subject: [PATCH 05/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.1 to 6.3.2. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.1...v6.3.2) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .../pull-request/add-label-based-on-branch-name/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/add-label-based-on-branch-name/action.yaml b/actions/github/pull-request/add-label-based-on-branch-name/action.yaml index b3c6c54..e167197 100644 --- a/actions/github/pull-request/add-label-based-on-branch-name/action.yaml +++ b/actions/github/pull-request/add-label-based-on-branch-name/action.yaml @@ -19,7 +19,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" with: github-token: "${{ inputs.github-token }}" script: | @@ -43,7 +43,7 @@ runs: core.setFailed(`Unable to determine the pull request number and branch name for event "${context.eventName}"`); - name: "Add label to pull request based on branch name" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" with: github-token: "${{ inputs.github-token }}" script: | From 3ff86d6f5d8c4fa544737494304bd608f95672bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Oct 2022 22:40:58 +0000 Subject: [PATCH 06/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.1 to 6.3.2. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.1...v6.3.2) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/pull-request/merge/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/merge/action.yaml b/actions/github/pull-request/merge/action.yaml index 0a96a09..11dbf2a 100644 --- a/actions/github/pull-request/merge/action.yaml +++ b/actions/github/pull-request/merge/action.yaml @@ -23,7 +23,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" with: github-token: "${{ inputs.github-token }}" script: | @@ -45,7 +45,7 @@ runs: core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`); - name: "Merge pull request" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" env: MERGE_METHOD: "${{ inputs.merge-method }}" with: From 2ee15b1de60b10efd3a68c46dcf48143955cec6c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Oct 2022 22:41:17 +0000 Subject: [PATCH 07/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.1 to 6.3.2. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.1...v6.3.2) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/pull-request/request-review/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/request-review/action.yaml b/actions/github/pull-request/request-review/action.yaml index cf613c3..eb010d5 100644 --- a/actions/github/pull-request/request-review/action.yaml +++ b/actions/github/pull-request/request-review/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" with: github-token: "${{ inputs.github-token }}" script: | @@ -44,7 +44,7 @@ runs: core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`); - name: "Request reviewer" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" env: REVIEWER: "${{ inputs.reviewer }}" with: From 07785fef7a95826d84c22d2a2e65cc6cee8989cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Oct 2022 22:41:19 +0000 Subject: [PATCH 08/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.1 to 6.3.2. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.1...v6.3.2) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/pull-request/approve/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/approve/action.yaml b/actions/github/pull-request/approve/action.yaml index 82f295f..13c0fcf 100644 --- a/actions/github/pull-request/approve/action.yaml +++ b/actions/github/pull-request/approve/action.yaml @@ -19,7 +19,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" with: github-token: "${{ inputs.github-token }}" script: | @@ -41,7 +41,7 @@ runs: core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`); - name: "Approve pull request" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.2" with: github-token: "${{ inputs.github-token }}" script: | From 1bcb0d9249d36712bbeba445782d71b20f1eb3d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 22:12:56 +0000 Subject: [PATCH 09/19] github-actions(deps): bump ibiqlik/action-yamllint from 3.1.0 to 3.1.1 Bumps [ibiqlik/action-yamllint](https://github.com/ibiqlik/action-yamllint) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/ibiqlik/action-yamllint/releases) - [Commits](https://github.com/ibiqlik/action-yamllint/compare/v3.1.0...v3.1.1) --- updated-dependencies: - dependency-name: ibiqlik/action-yamllint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/integrate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integrate.yaml b/.github/workflows/integrate.yaml index 94e1da2..dd5575b 100644 --- a/.github/workflows/integrate.yaml +++ b/.github/workflows/integrate.yaml @@ -19,7 +19,7 @@ jobs: uses: "actions/checkout@v3.1.0" - name: "Lint YAML files" - uses: "ibiqlik/action-yamllint@v3.1.0" + uses: "ibiqlik/action-yamllint@v3.1.1" with: config_file: ".yamllint.yaml" file_or_dir: "." From 32041260d485a5c5cae205c38f58ef2d2ac873db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 22:28:11 +0000 Subject: [PATCH 10/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.2 to 6.3.3. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.2...v6.3.3) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .../pull-request/add-label-based-on-branch-name/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/add-label-based-on-branch-name/action.yaml b/actions/github/pull-request/add-label-based-on-branch-name/action.yaml index e167197..e2b60c3 100644 --- a/actions/github/pull-request/add-label-based-on-branch-name/action.yaml +++ b/actions/github/pull-request/add-label-based-on-branch-name/action.yaml @@ -19,7 +19,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" with: github-token: "${{ inputs.github-token }}" script: | @@ -43,7 +43,7 @@ runs: core.setFailed(`Unable to determine the pull request number and branch name for event "${context.eventName}"`); - name: "Add label to pull request based on branch name" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" with: github-token: "${{ inputs.github-token }}" script: | From 00880519966275aad5302ee0be363e2876e9de55 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 22:29:03 +0000 Subject: [PATCH 11/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.2 to 6.3.3. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.2...v6.3.3) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/pull-request/add-assignee/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/add-assignee/action.yaml b/actions/github/pull-request/add-assignee/action.yaml index cae641d..18f41be 100644 --- a/actions/github/pull-request/add-assignee/action.yaml +++ b/actions/github/pull-request/add-assignee/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" with: github-token: "${{ inputs.github-token }}" script: | @@ -44,7 +44,7 @@ runs: core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`); - name: "Add assignee to pull request" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" env: ASSIGNEE: "${{ inputs.assignee }}" with: From 9804c9e4c6ed7953207437c4e15989f55951084f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 22:29:05 +0000 Subject: [PATCH 12/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.2 to 6.3.3. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.2...v6.3.3) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/pull-request/merge/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/merge/action.yaml b/actions/github/pull-request/merge/action.yaml index 11dbf2a..e724c1c 100644 --- a/actions/github/pull-request/merge/action.yaml +++ b/actions/github/pull-request/merge/action.yaml @@ -23,7 +23,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" with: github-token: "${{ inputs.github-token }}" script: | @@ -45,7 +45,7 @@ runs: core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`); - name: "Merge pull request" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" env: MERGE_METHOD: "${{ inputs.merge-method }}" with: From 477a6937f35b7d43477a4c0f297d88a29a7abec0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 22:29:13 +0000 Subject: [PATCH 13/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.1 to 6.3.3. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.1...v6.3.3) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/release/create/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/github/release/create/action.yaml b/actions/github/release/create/action.yaml index 76a0ca8..961898c 100644 --- a/actions/github/release/create/action.yaml +++ b/actions/github/release/create/action.yaml @@ -23,7 +23,7 @@ runs: shell: "bash" - name: "Create release" - uses: "actions/github-script@v6.3.1" + uses: "actions/github-script@v6.3.3" with: github-token: "${{ inputs.github-token }}" script: | From d9444e2be744e9579916505f017dfbb2d9600021 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 22:29:15 +0000 Subject: [PATCH 14/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.2 to 6.3.3. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.2...v6.3.3) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/pull-request/request-review/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/request-review/action.yaml b/actions/github/pull-request/request-review/action.yaml index eb010d5..394ef02 100644 --- a/actions/github/pull-request/request-review/action.yaml +++ b/actions/github/pull-request/request-review/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" with: github-token: "${{ inputs.github-token }}" script: | @@ -44,7 +44,7 @@ runs: core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`); - name: "Request reviewer" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" env: REVIEWER: "${{ inputs.reviewer }}" with: From cd044449ae5246631dd4730e36da68fd76d78c2b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 22:29:23 +0000 Subject: [PATCH 15/19] github-actions(deps): bump actions/github-script Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.2 to 6.3.3. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v6.3.2...v6.3.3) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- actions/github/pull-request/approve/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/github/pull-request/approve/action.yaml b/actions/github/pull-request/approve/action.yaml index 13c0fcf..2fae547 100644 --- a/actions/github/pull-request/approve/action.yaml +++ b/actions/github/pull-request/approve/action.yaml @@ -19,7 +19,7 @@ runs: steps: - name: "Determine pull request number" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" with: github-token: "${{ inputs.github-token }}" script: | @@ -41,7 +41,7 @@ runs: core.setFailed(`Unable to determine the pull request number for event "${context.eventName}"`); - name: "Approve pull request" - uses: "actions/github-script@v6.3.2" + uses: "actions/github-script@v6.3.3" with: github-token: "${{ inputs.github-token }}" script: | From c9ffc5179d410f903b5e25ffe0224a7fd3247193 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Dec 2022 22:00:38 +0000 Subject: [PATCH 16/19] github-actions(deps): Bump actions/checkout from 3.1.0 to 3.2.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...v3.2.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/integrate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integrate.yaml b/.github/workflows/integrate.yaml index dd5575b..4f96f57 100644 --- a/.github/workflows/integrate.yaml +++ b/.github/workflows/integrate.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: "Checkout" - uses: "actions/checkout@v3.1.0" + uses: "actions/checkout@v3.2.0" - name: "Lint YAML files" uses: "ibiqlik/action-yamllint@v3.1.1" From 58ef70a7f9951c73442ac4362316d4f09d1228c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Jan 2023 22:00:31 +0000 Subject: [PATCH 17/19] github-actions(deps): Bump actions/checkout from 3.2.0 to 3.3.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.2.0...v3.3.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/integrate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integrate.yaml b/.github/workflows/integrate.yaml index 4f96f57..af3df2f 100644 --- a/.github/workflows/integrate.yaml +++ b/.github/workflows/integrate.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: "Checkout" - uses: "actions/checkout@v3.2.0" + uses: "actions/checkout@v3.3.0" - name: "Lint YAML files" uses: "ibiqlik/action-yamllint@v3.1.1" From 5c96f8d6abd4a970635f385e3838b444115237a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20M=C3=B6ller?= Date: Tue, 24 Jan 2023 16:54:19 +0100 Subject: [PATCH 18/19] Enhancement: Add composite action for installing dependencies with phive --- .github/dependabot.yml | 11 ++++++ CHANGELOG.md | 5 +++ README.md | 58 +++++++++++++++++++++++++++++++ actions/phive/install/action.yaml | 39 +++++++++++++++++++++ 4 files changed, 113 insertions(+) create mode 100644 actions/phive/install/action.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7be0410..61f6b18 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -112,3 +112,14 @@ updates: package-ecosystem: "github-actions" schedule: interval: "daily" + + - commit-message: + include: "scope" + prefix: "github-actions" + directory: "/actions/phive/install" + labels: + - "dependency" + open-pull-requests-limit: 10 + package-ecosystem: "github-actions" + schedule: + interval: "daily" diff --git a/CHANGELOG.md b/CHANGELOG.md index c9c3cb6..9571016 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), For a full diff see [`1.7.0...main`][1.7.0...main]. +### Added + +- Added composite action `phive/install` for installing dependencies with [`phive`](https://phar.io) ([#142]), by [@localheinz] + ## [`1.7.0`][1.7.0] For a full diff see [`1.6.0...1.7.0`][1.6.0...1.7.0]. @@ -164,5 +168,6 @@ For a full diff see [`1.0.0...main`][1.0.0...main]. [#96]: https://github.com/ergebnis/.github/pull/96 [#123]: https://github.com/ergebnis/.github/pull/123 [#124]: https://github.com/ergebnis/.github/pull/124 +[#142]: https://github.com/ergebnis/.github/pull/142 [@localheinz]: https://github.com/localheinz diff --git a/README.md b/README.md index 91a6961..2b61f49 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ This repository provides the following composite actions: - [`ergebnis/.github/actions/oh-dear/check/request-run`](#oh-dear-check-request-run) - [`ergebnis/.github/actions/oh-dear/maintenance-period/start`](#oh-dear-maintenance-period-start) - [`ergebnis/.github/actions/oh-dear/maintenance-period/stop`](#oh-dear-maintenance-period-stop) +- [`ergebnis/.github/actions/phive/install`](#phive-install) ### `ergebnis/.github/actions/composer/determine-cache-directory` @@ -655,6 +656,63 @@ none A maintenance period is stopped by the user who owns the Oh Dear API token specified with the `oh-dear-api-token` input for the site identified by the `oh-dear-site-id` input. +### `ergebnis/.github/actions/phive/install` + +This action installs dependencies with [`phive`](https://phar.io). + +```yaml +name: "Integrate" + +on: + pull_request: null + push: + branches: + - "main" + +jobs: + tests: + name: "Tests" + + runs-on: "ubuntu-latest" + + steps: + - name: "Checkout" + uses: "actions/checkout@v3.0.2" + + - name: "Set up PHP" + uses: "shivammathur/setup-php@2.21.2" + with: + coverage: "none" + php-version: "8.1" + tools: "phive" + + - name: "Install dependencies with phive" + uses: "ergebnis/.github/actions/phive/install@1.8.0" + with: + trust-gpg-keys: "0x033E5F8D801A2F8D,0x2A8299CE842DD38C" +``` + +For details, see [`actions/phive/install/action.yaml`](actions/phive/install/action.yaml). + +#### Inputs + +- `phive-home`, optional: Which directory to use as `PHIVE_HOME` directory, defaults to `".build/phive"`. +- `trust-gpg-keys`, required: Which GPG keys to trust, a comma-separated list of trusted GPG keys + +#### Outputs + +none + +#### Side Effects + +Dependencies are installed, assuming + +- `phive` is available +- `phive` could find a `phars.xml` +- keys presented by packages are listed using the `trust-gpg-keys` option + +The directory configured by the `phive-home` directory is cached using [`actions/cache`](https://github.com/actions/cache). + ## Changelog Please have a look at [`CHANGELOG.md`](CHANGELOG.md). diff --git a/actions/phive/install/action.yaml b/actions/phive/install/action.yaml new file mode 100644 index 0000000..758d2e2 --- /dev/null +++ b/actions/phive/install/action.yaml @@ -0,0 +1,39 @@ +# https://docs.github.com/en/actions/creating-actions/creating-a-composite-action +# https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputs +# https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs-for-composite-run-steps-actions +# https://phar.io + +name: "Install dependencies with phive" + +description: "Installs dependencies with phive" + +inputs: + phive-home: + default: ".build/phive" + description: "Which directory to use as PHIVE_HOME directory" + required: false + trust-gpg-keys: + default: "" + description: "A comma-separated list of trusted GPG keys" + required: true + +runs: + using: "composite" + + steps: + - name: "Create phive home directory" + run: "mkdir -p ${{ inputs.phive-home }}" + shell: "bash" + + - name: "Cache dependencies installed with phive" + uses: "actions/cache@v3.2.3" + with: + path: "${{ inputs.phive-home }}" + key: "phive-hashFiles('**/phars.xml')" + restore-keys: "phive-" + + - name: "Install dependencies with phive" + env: + PHIVE_HOME: "${{ inputs.phive-home }}" + run: "phive install --trust-gpg-keys ${{ inputs.trust-gpg-keys }}" + shell: "bash" From 3f92fddff613c9e5f78ceb452b4c7ee93573be6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20M=C3=B6ller?= Date: Tue, 24 Jan 2023 16:57:38 +0100 Subject: [PATCH 19/19] Enhancement: Prepare release --- CHANGELOG.md | 9 +++++++-- README.md | 26 +++++++++++++------------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9571016..342dae4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## Unreleased -For a full diff see [`1.7.0...main`][1.7.0...main]. +For a full diff see [`1.8.0...main`][1.8.0...main]. + +## [`1.8.0`][1.8.0] + +For a full diff see [`1.7.0...1.8.0`][1.7.0...1.8.0]. ### Added @@ -148,7 +152,8 @@ For a full diff see [`1.0.0...main`][1.0.0...main]. [1.5.0...1.5.1]: https://github.com/ergebnis/.github/compare/1.5.0...1.5.1 [1.5.1...1.6.0]: https://github.com/ergebnis/.github/compare/1.5.1...1.6.0 [1.6.0...1.7.0]: https://github.com/ergebnis/.github/compare/1.6.0...1.7.0 -[1.7.0...main]: https://github.com/ergebnis/.github/compare/1.7.0...main +[1.7.0...1.8.0]: https://github.com/ergebnis/.github/compare/1.7.0...1.8.0 +[1.8.0...main]: https://github.com/ergebnis/.github/compare/1.8.0...main [#47]: https://github.com/ergebnis/.github/pull/47 [#48]: https://github.com/ergebnis/.github/pull/48 diff --git a/README.md b/README.md index 2b61f49..0782cff 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ jobs: php-version: "8.1" - name: "Determine composer cache directory" - uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.7.0" + uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.8.0" - name: "Cache dependencies installed with composer" uses: "actions/cache@v3.0.8" @@ -115,7 +115,7 @@ jobs: php-version: "8.1" - name: "Determine composer root version" - uses: "ergebnis/.github/actions/composer/determine-root-version@1.7.0" + uses: "ergebnis/.github/actions/composer/determine-root-version@1.8.0" ``` For details, see [`actions/composer/determine-root-version/action.yaml`](actions/composer/determine-root-version/action.yaml). @@ -180,7 +180,7 @@ jobs: php-version: "8.1" - name: "Determine composer cache directory" - uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.7.0" + uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.8.0" - name: "Cache dependencies installed with composer" uses: "actions/cache@v3.0.8" @@ -190,7 +190,7 @@ jobs: restore-keys: "composer-${{ matrix.dependencies }}-" - name: "Install ${{ matrix.dependencies }} dependencies with composer" - uses: "ergebnis/.github/actions/composer/install@1.7.0" + uses: "ergebnis/.github/actions/composer/install@1.8.0" with: dependencies: "${{ matrix.dependencies }}" ``` @@ -257,7 +257,7 @@ jobs: steps: - name: "Assign @ergebnis-bot" - uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.7.0" + uses: "ergebnis/.github/actions/github/pull-request/add-assignee@1.8.0" with: assignee: "ergebnis-bot" github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" @@ -300,7 +300,7 @@ jobs: steps: - name: "Add labels based on branch name" - uses: "ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name@1.7.0" + uses: "ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name@1.8.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" ``` @@ -352,7 +352,7 @@ jobs: steps: - name: "Approve pull request" - uses: "ergebnis/.github/actions/github/pull-request/approve@1.7.0" + uses: "ergebnis/.github/actions/github/pull-request/approve@1.8.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" ``` @@ -403,7 +403,7 @@ jobs: steps: - name: "Merge pull request" - uses: "ergebnis/.github/actions/github/pull-request/merge@1.7.0" + uses: "ergebnis/.github/actions/github/pull-request/merge@1.8.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" ``` @@ -455,7 +455,7 @@ jobs: steps: - name: "Request review from @ergebnis-bot" - uses: "ergebnis/.github/actions/github/pull-request/request-review@1.7.0" + uses: "ergebnis/.github/actions/github/pull-request/request-review@1.8.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" reviewer: "ergebnis-bot" @@ -499,7 +499,7 @@ jobs: steps: - name: "Create release" - uses: "ergebnis/.github/actions/github/release/create@1.7.0" + uses: "ergebnis/.github/actions/github/release/create@1.8.0" with: github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}" ``` @@ -543,7 +543,7 @@ jobs: fetch-depth: 50 - name: "Request broken links check on ohdear.app" - uses: "ergebnis/.github/actions/oh-dear/maintenance-period/start@1.7.0" + uses: "ergebnis/.github/actions/oh-dear/maintenance-period/start@1.8.0" with: oh-dear-api-token: "${{ secrets.OH_DEAR_API_TOKEN }}" oh-dear-check-id: "${{ secrets.OH_DEAR_BROKEN_LINKS_CHECK_ID }}" @@ -589,7 +589,7 @@ jobs: fetch-depth: 50 - name: "Start maintenance period on ohdear.app" - uses: "ergebnis/.github/actions/oh-dear/maintenance-period/start@1.7.0" + uses: "ergebnis/.github/actions/oh-dear/maintenance-period/start@1.8.0" with: oh-dear-api-token: "${{ secrets.OH_DEAR_API_TOKEN }}" oh-dear-site-id: "${{ secrets.OH_DEAR_SITE_ID }}" @@ -635,7 +635,7 @@ jobs: fetch-depth: 50 - name: "Stop maintenance period on ohdear.app" - uses: "ergebnis/.github/actions/oh-dear/maintenance-period/stop@1.7.0" + uses: "ergebnis/.github/actions/oh-dear/maintenance-period/stop@1.8.0" with: oh-dear-api-token: "${{ secrets.OH_DEAR_API_TOKEN }}" oh-dear-site-id: "${{ secrets.OH_DEAR_SITE_ID }}"