diff --git a/.github/renovate.json b/.github/renovate.json index b953677..1b9a123 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -137,6 +137,17 @@ "matchStrings": [ "renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?\\s+version: (?.*)\\s" ] + }, + { + "customType": "regex", + "fileMatch": [ + "^Dockerfile$" + ], + "matchStrings": [ + "#\\s*renovate:\\s*?(release=(?.*?))?\\s*depName=(?.*?)?\\sENV .*?_VERSION=\"(?.*)\"" + ], + "registryUrlTemplate": "https://deb.debian.org/debian?{{#if release }}release={{release}}{{else}}suite=stable{{/if}}&components=main,contrib,non-free&binaryArch=amd64", + "datasourceTemplate": "deb" } ] } diff --git a/.github/workflows/closing.yml b/.github/workflows/closing.yml index 18ca0c8..311cce8 100644 --- a/.github/workflows/closing.yml +++ b/.github/workflows/closing.yml @@ -9,6 +9,10 @@ on: issues: types: [closed] +concurrency: + group: ${{ github.workflow }}-${{ github.event.issue.id }} + cancel-in-progress: true + permissions: contents: read @@ -24,7 +28,11 @@ jobs: if: | github.actor != 'renovate[bot]' && github.event.issue.state_reason == 'completed' && - (contains(github.event.issue.labels.*.name, 'question') && ! contains(github.event.issue.labels.*.name, 'duplicate') && ! contains(github.event.issue.labels.*.name, 'wontfix')) || join(github.event.issue.labels.*.name) == '' + ( + contains(github.event.issue.labels.*.name, 'question') && + ! contains(github.event.issue.labels.*.name, 'duplicate') && + ! contains(github.event.issue.labels.*.name, 'wontfix') + ) || join(github.event.issue.labels.*.name) == '' with: token: ${{ secrets.GITHUB_TOKEN }} issue-number: ${{ github.event.issue.number }} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index e0b2721..aaf7008 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml 
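Review bot: The version capture at the end of the new `matchStrings` pattern, `_VERSION=\"(?.*)\"`, is greedy, so on an `ENV` line that carries a second quoted value it would run to the last `"` on that line and hand Renovate a string that is not a package version. The capture-group names are not visible in this rendering, so the group is referred to by position here. A failed lookup leaves the Debian package pinned with no update PR, which is easy to miss when the pending update is a security fix. Bounding the capture to the quoted value would avoid this: change the `.*` inside that last group to `[^\"]+`. Since JSON cannot carry a comment, a `description` entry on the manager object could state which Dockerfile comment format it expects.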
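Review bot: In the reflowed `if:` expression of the second closing.yml hunk, the trailing `|| join(github.event.issue.labels.*.name) == ''` still sits outside the `&&` chain. Because `&&` binds tighter than `||`, an issue with no labels satisfies the condition regardless of the `github.actor != 'renovate[bot]'` and `state_reason == 'completed'` checks. If those two guards are meant to apply to unlabeled issues as well, wrap both alternatives in one outer group: `( ( contains(...) && ! contains(...) && ! contains(...) ) || join(github.event.issue.labels.*.name) == '' )`. The step uses `secrets.GITHUB_TOKEN`, so a one-line comment above the `if:` key stating which closures should trigger it would help the next reader. The step definition starts and ends outside the hunk.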
@@ -8,7 +8,6 @@ name: Pre-commit check
 on:
 push:
 branches-ignore:
- - deepsource-fix-**
 - renovate/**
 - weblate
 pull_request:
@@ -35,13 +34,13 @@ jobs:
 id: detect
 run: |
 if test -f requirements-lint.txt ; then
- echo "method=requirements" >> $GITHUB_OUTPUT
+ echo "method=requirements" >> "$GITHUB_OUTPUT"
 elif test -f pyproject.toml && grep -q dependency-groups pyproject.toml ; then
- echo "method=pep735" >> $GITHUB_OUTPUT
+ echo "method=pep735" >> "$GITHUB_OUTPUT"
 elif test -f pyproject.toml && grep -q dependency-groups pyproject.toml ; then
- echo "method=pyproject" >> $GITHUB_OUTPUT
+ echo "method=pyproject" >> "$GITHUB_OUTPUT"
 else
- echo "method=uvx" >> $GITHUB_OUTPUT
+ echo "method=uvx" >> "$GITHUB_OUTPUT"
 fi
 - name: pre-commit (PEP 735)
 if: steps.detect.outputs.method == 'pep735'
@@ -60,7 +59,7 @@ jobs:
 run: uv pip install --system -r requirements-lint.txt
 - name: Install dependencies
 if: steps.detect.outputs.method == 'pyproject'
- run: uv pip install --system $(sed -n 's/.*"\(pre-commit==\([^"]*\)\)".*/\1/p' pyproject.toml)
+ run: uv pip install --system "$(sed -n 's/.*"\(pre-commit==\([^"]*\)\)".*/\1/p' pyproject.toml)"
 - name: pre-commit (installed)
 if: steps.detect.outputs.method == 'requirements' || steps.detect.outputs.method == 'pyproject'
 run: pre-commit run --all
diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml
index 669b4c3..ebb3b59 100644
--- a/.github/workflows/setup.yml
+++ b/.github/workflows/setup.yml
@@ -30,3 +30,5 @@ jobs:
 - name: Publish package
 if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
 run: uv publish --trusted-publishing always
+permissions:
+ contents: read
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 9abe88a..5321f97 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
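Review bot: The second and third branches of the `detect` script test the same condition, `test -f pyproject.toml && grep -q dependency-groups pyproject.toml`, so `method=pyproject` can never be written and the `Install dependencies` step gated on it never runs. The quoting fix leaves that as it was. If the third branch is meant to catch a `pre-commit==` pin outside a dependency group, as the `sed` in the later step suggests, it could read `elif test -f pyproject.toml && grep -q 'pre-commit==' pyproject.toml ; then`. As written such repositories fall through to `method=uvx`; whether that path installs a pinned pre-commit is not visible here. The step begins before the hunk.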
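Review bot: Quoting the command substitution in the `Install dependencies` step turns the `sed` output into exactly one argument, so an empty result reaches `uv pip install` as an empty string and two matching lines reach it as a single argument containing a newline. Making the failure explicit keeps a missing or duplicated pin from surfacing as an opaque installer error. Under `run: |`, the step could assign `spec="$(sed -n '…' pyproject.toml | head -n 1)"` with the existing `sed` expression, then run `test -n "$spec"` and `uv pip install --system "$spec"`.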
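Review bot: The new workflow-level `permissions:` block in setup.yml grants only `contents: read`, which sets every permission it does not list to none, including `id-token`. The `Publish package` step in the context lines runs `uv publish --trusted-publishing always`, and trusted publishing needs the job to be able to request an OIDC token. Unless the job already declares its own `permissions:` outside this hunk, publishing on tags would fail after this change. Keep the restrictive default and add a job-level `permissions:` with `contents: read` and `id-token: write` on the publishing job only. Placing the workflow-level block next to `on:` rather than after `jobs:` would also make the default easier to find.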
@@ -49,3 +49,5 @@ jobs: run: | curl https://deepsource.io/cli | sh ./bin/deepsource report --analyzer test-coverage --key python --value-file ./coverage.xml +permissions: + contents: read diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4d80eb2..9d48ea3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -54,5 +54,9 @@ repos: hooks: - id: reuse +- repo: https://github.com/rhysd/actionlint + rev: v1.7.7 + hooks: + - id: actionlint ci: autoupdate_schedule: quarterly
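Review bot: The added `permissions: contents: read` in test.yml narrows the `GITHUB_TOKEN`, but the step shown as context still runs `curl https://deepsource.io/cli | sh`, which executes whatever that URL serves at run time with no version pin or integrity check. Any secrets exposed to that step's environment are outside what `permissions:` controls. Downloading a pinned release to a file, checking it with `sha256sum -c` against a hash committed in the repository, and only then executing it would close that gap. At minimum use `curl -fsSL` so an HTTP error page is not piped into `sh`. The job body starts outside the hunk.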