diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6c4b3695..a9e2c75f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,8 +4,6 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" - groups: - actions: - patterns: - - "*" + interval: "monthly" + cooldown: + default-days: 7 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aa31f262..f8c4fb25 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 # required for setuptools_scm to find tags persist-credentials: false @@ -48,7 +48,7 @@ jobs: steps: - name: Download dist artefacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: Packages path: dist diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a83745ae..3c22440c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,13 +21,13 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - uses: actions/setup-python@v6 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "3.10" - - uses: pre-commit/action@v3.0.1 + - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 test-dist: name: Test SDist & wheel @@ -37,11 +37,11 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Install CPython 3.10 - uses: actions/setup-python@v6 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "3.10" architecture: x64 @@ -78,29 +78,29 @@ jobs: qemu: true steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup cache - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 with: path: ~/.cache/auditwheel_tests key: python${{ matrix.python }}-${{ matrix.platform[0] }}-${{ hashFiles('**/test_manylinux.py') }} restore-keys: python${{ matrix.python }}-${{ matrix.platform[0] }}- - name: Install CPython ${{ matrix.python }} - uses: actions/setup-python@v6 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "${{ matrix.python }}" allow-prereleases: true - name: Set up QEMU if: matrix.qemu - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Run tests run: pipx run nox -s tests-${{ matrix.python }} env: AUDITWHEEL_ARCH: ${{ matrix.platform[0] }} AUDITWHEEL_QEMU: ${{ matrix.qemu }} - name: Upload coverage to codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2d5de693..e6a4d373 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -40,3 +40,8 @@ repos: - pytest - types-docker - types-requests + +- repo: https://github.com/zizmorcore/zizmor-pre-commit + rev: v1.19.0 + hooks: + - id: zizmor