diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1a2b4b3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + cooldown: + default-days: 3 + groups: + github-actions-minor: + update-types: + - minor + - patch diff --git a/.github/workflows/validate-plugins.yml b/.github/workflows/validate-plugins.yml index b25c197..66cbab5 100644 --- a/.github/workflows/validate-plugins.yml +++ b/.github/workflows/validate-plugins.yml @@ -26,10 +26,10 @@ jobs: validate: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup Bun - uses: oven-sh/setup-bun@v2 + uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 - name: Validate marketplace completeness run: bun run scripts/validate-marketplace.ts diff --git a/.github/workflows/validate-yaml.yml b/.github/workflows/validate-yaml.yml index be18aef..cd3c13a 100644 --- a/.github/workflows/validate-yaml.yml +++ b/.github/workflows/validate-yaml.yml @@ -15,7 +15,7 @@ jobs: name: YAML Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Lint YAML files run: yamllint -d relaxed . @@ -24,7 +24,7 @@ jobs: name: GitHub Actions Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Install actionlint run: | diff --git a/actions/caprover-deploy/action.yml b/actions/caprover-deploy/action.yml index 800562b..8604363 100644 --- a/actions/caprover-deploy/action.yml +++ b/actions/caprover-deploy/action.yml @@ -33,7 +33,7 @@ runs: run: echo "deployStartedAt=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT - name: Setup Bun - uses: oven-sh/setup-bun@v2 + uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 with: bun-version: ${{ inputs.bun-version }} diff --git a/actions/caprover-setup/action.yml b/actions/caprover-setup/action.yml index c529738..8233cdb 100644 --- a/actions/caprover-setup/action.yml +++ b/actions/caprover-setup/action.yml @@ -44,7 +44,7 @@ runs: using: 'composite' steps: - name: Setup Bun - uses: oven-sh/setup-bun@v2 + uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 with: bun-version: ${{ inputs.bun-version }} @@ -99,7 +99,7 @@ runs: CAPROVER_PASSWORD: ${{ inputs.caprover-password }} - name: Notify on failure - uses: sarisia/actions-status-discord@v1 + uses: sarisia/actions-status-discord@eb045afee445dc055c18d3d90bd0f244fd062708 # v1.16.0 if: ${{ failure() && inputs.discord-webhook != '' }} with: webhook: ${{ inputs.discord-webhook }} diff --git a/actions/docker-build/action.yml b/actions/docker-build/action.yml index 80ea584..4f68b16 100644 --- a/actions/docker-build/action.yml +++ b/actions/docker-build/action.yml @@ -31,14 +31,14 @@ runs: using: 'composite' steps: - name: Log in to the Container registry - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ inputs.github-token }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Extract image name id: image-name @@ -51,7 +51,7 @@ runs: fi - name: Build and push Docker image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: push: true context: ${{ inputs.context }} diff --git a/actions/healthcheck/action.yml b/actions/healthcheck/action.yml index be2a758..88ed57f 100644 --- a/actions/healthcheck/action.yml +++ b/actions/healthcheck/action.yml @@ -22,7 +22,7 @@ runs: using: 'composite' steps: - name: Check the deployed service URL - uses: jtalk/url-health-check-action@v4 + uses: jtalk/url-health-check-action@b716ccb6645355dd9fcce8002ce460e5474f7f00 # v4 with: url: ${{ inputs.url }} max-attempts: ${{ inputs.max-attempts }} @@ -30,7 +30,7 @@ runs: retry-all: true - name: Notify on failure - uses: sarisia/actions-status-discord@v1 + uses: sarisia/actions-status-discord@eb045afee445dc055c18d3d90bd0f244fd062708 # v1.16.0 if: ${{ failure() && inputs.discord-webhook != '' }} with: webhook: ${{ inputs.discord-webhook }} diff --git a/workflows/expo-publish-pr.yml b/workflows/expo-publish-pr.yml index 7fd3750..34380ac 100644 --- a/workflows/expo-publish-pr.yml +++ b/workflows/expo-publish-pr.yml @@ -66,13 +66,13 @@ jobs: DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} steps: - name: Setup repo - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - - uses: cardinalby/export-env-action@v2 + - uses: cardinalby/export-env-action@4f48c4676cf6ed6f46e30899ee987ce695da7c80 # 2.2.3 with: envFile: ${{ inputs.env_file }} - - uses: oven-sh/setup-bun@v2 + - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 with: bun-version: ${{ inputs.bun_version || env.BUN_VERSION }} @@ -80,10 +80,10 @@ jobs: run: bun install --frozen-lockfile - name: Install 1Password CLI - uses: 1password/install-cli-action@v1 + uses: 1password/install-cli-action@143a85f84a90555d121cde2ff5872e393a47ab9f # v1.0.0 - name: Load secret - uses: 1password/load-secrets-action/configure@v2 + uses: 1password/load-secrets-action/configure@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2.0.0 env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} @@ -97,7 +97,7 @@ jobs: - name: Find Metro cache id: metro-cache-dir-path - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: result-encoding: string script: | @@ -106,14 +106,14 @@ jobs: return path.join(os.tmpdir(), 'metro-cache'); - name: Cache Metro - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 id: cache-metro with: path: ${{ steps.metro-cache-dir-path.outputs.result }} key: metro-cache-${{ env.BUN_VERSION }}-${{ runner.os }}-${{ inputs.platform }}-${{ inputs.working_directory }} - name: Setup EAS - uses: expo/expo-github-action@v8 + uses: expo/expo-github-action@c7b66a9c327a43a8fa7c0158e7f30d6040d2481e # v8.2.1 with: eas-version: latest packager: bun @@ -123,7 +123,7 @@ jobs: run: bun run codegen - name: Create preview - uses: expo/expo-github-action/preview@v8 + uses: expo/expo-github-action/preview@c7b66a9c327a43a8fa7c0158e7f30d6040d2481e # v8.2.1 env: TAMAGUI_TARGET: native EXPO_PUBLIC_BACKEND_ROOT_URL: ${{ inputs.backend_url }} @@ -141,7 +141,7 @@ jobs: SENTRY_ORG: ${{ inputs.sentry_org }} SENTRY_PROJECT: ${{ inputs.sentry_project }} - - uses: sarisia/actions-status-discord@v1 + - uses: sarisia/actions-status-discord@eb045afee445dc055c18d3d90bd0f244fd062708 # v1.16.0 if: ${{ failure() }} with: webhook: ${{ env.DISCORD_WEBHOOK }} diff --git a/workflows/test-in-parallel.yml b/workflows/test-in-parallel.yml index 67ff512..102b4c8 100644 --- a/workflows/test-in-parallel.yml +++ b/workflows/test-in-parallel.yml @@ -93,29 +93,29 @@ jobs: test-chunk-ids: ${{ steps['set-test-chunk-ids'].outputs['test-chunk-ids'] }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - - uses: cardinalby/export-env-action@v2 + - uses: cardinalby/export-env-action@4f48c4676cf6ed6f46e30899ee987ce695da7c80 # 2.2.3 if: ${{ inputs.env_file }} with: envFile: ${{ inputs.env_file }} - - uses: pnpm/action-setup@v3 + - uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 if: ${{ inputs.package_manager == 'pnpm' }} with: version: ${{ inputs.pnpm_version }} - - uses: oven-sh/setup-bun@v2 + - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 if: ${{ inputs.package_manager == 'bun' }} with: bun-version: ${{ env.BUN_VERSION }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 if: ${{ env.ACT && inputs.package_manager != 'bun' }} with: node-version-file: .nvmrc - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 if: ${{ !env.ACT && inputs.package_manager != 'bun' }} with: node-version-file: .nvmrc @@ -152,31 +152,31 @@ jobs: chunk: ${{ fromJson(needs.setup.outputs['test-chunk-ids']) }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - - uses: pnpm/action-setup@v3 + - uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 if: ${{ inputs.package_manager == 'pnpm' }} with: version: ${{ inputs.pnpm_version }} - - uses: cardinalby/export-env-action@v2 + - uses: cardinalby/export-env-action@4f48c4676cf6ed6f46e30899ee987ce695da7c80 # 2.2.3 if: ${{ inputs.env_file }} with: envFile: ${{ inputs.env_file }} - - uses: oven-sh/setup-bun@v2 + - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 if: ${{ inputs.package_manager == 'bun' }} with: bun-version: ${{ env.BUN_VERSION }} - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 if: ${{ env.ACT && inputs.package_manager != 'bun' }} with: node-version-file: .nvmrc - name: Setup Node and Cache - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 if: ${{ !env.ACT && inputs.package_manager != 'bun' }} with: node-version-file: .nvmrc @@ -191,11 +191,11 @@ jobs: if: ${{ inputs.package_manager != 'npm' }} - name: Install 1Password CLI - uses: 1password/install-cli-action@v1 + uses: 1password/install-cli-action@143a85f84a90555d121cde2ff5872e393a47ab9f # v1.0.0 if: ${{ inputs.op_setup_script }} - name: Load secret - uses: 1password/load-secrets-action/configure@v2 + uses: 1password/load-secrets-action/configure@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2.0.0 if: ${{ inputs.op_setup_script }} env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} @@ -211,10 +211,10 @@ jobs: CHUNKS: ${{ needs.setup.outputs['test-chunks'] }} NODE_OPTIONS: --max-old-space-size=4096 - - uses: sarisia/actions-status-discord@v1 + - uses: sarisia/actions-status-discord@eb045afee445dc055c18d3d90bd0f244fd062708 # v1.16.0 if: ${{ failure() && env.DISCORD_WEBHOOK }} with: webhook: ${{ env.DISCORD_WEBHOOK }} - - uses: rtCamp/action-slack-notify@v2 + - uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0 if: ${{ failure() && env.SLACK_WEBHOOK }}