From 5cba089ed23446e5495fd5482e736d43b623281f Mon Sep 17 00:00:00 2001 From: Kazuki Yamada Date: Wed, 20 Aug 2025 00:57:42 +0900 Subject: [PATCH 1/7] chore(ci): Add automated ratchet update workflow and disable dependabot actions updates - Add ratchet-update.yml workflow for weekly automated SHA updates - Disable dependabot github-actions updates in dependabot.yml - Workflow creates PRs automatically when updates are available --- .github/dependabot.yml | 6 +-- .github/workflows/ratchet-update.yml | 58 ++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/ratchet-update.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5ace4600a..e180032a0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,2 @@ version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" +updates: [] diff --git a/.github/workflows/ratchet-update.yml b/.github/workflows/ratchet-update.yml new file mode 100644 index 000000000..2b4b87c3e --- /dev/null +++ b/.github/workflows/ratchet-update.yml @@ -0,0 +1,58 @@ +name: Ratchet update +on: + schedule: + - cron: '0 0 * * 1' # Every Monday at midnight UTC + workflow_dispatch: # Allow manual trigger + +jobs: + update: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # ratchet:actions/setup-go@v5 + with: + go-version: stable + + - name: Install ratchet + run: | + go install github.com/sethvargo/ratchet@v0.11.3 + ratchet --version + + - name: Update pinned SHAs + run: | + ratchet update .github/workflows/*.yml + + - name: Check for changes + id: changes + run: | + if git diff --quiet; then + echo "has_changes=false" >> $GITHUB_OUTPUT + else + echo "has_changes=true" >> $GITHUB_OUTPUT + fi + + - name: Create Pull Request + if: steps.changes.outputs.has_changes == 'true' + uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: 'chore(ci): Update pinned GitHub Actions SHAs' + title: 'chore(ci): Update pinned GitHub Actions SHAs' + body: | + ## Summary + - Updated pinned GitHub Actions SHAs using ratchet + + ## Changes + This PR contains automated updates to the pinned SHAs in GitHub Actions workflows to ensure we're using the latest versions while maintaining security through SHA pinning. + + ## Checklist + - [x] Run `npm run test` + - [x] Run `npm run lint` + branch: chore/update-actions-shas + delete-branch: true \ No newline at end of file From 13c20b5074fc2d77b303cb9a6cc06578162fa2d1 Mon Sep 17 00:00:00 2001 From: Kazuki Yamada Date: Wed, 20 Aug 2025 23:42:35 +0900 Subject: [PATCH 2/7] fix(ci): Keep npm updates in dependabot, disable only github-actions --- .github/dependabot.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e180032a0..aff82a102 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,2 +1,6 @@ version: 2 -updates: [] +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" From 2289e4630c576eb69ab8c3efad0e47d1d1cd5dc5 Mon Sep 17 00:00:00 2001 From: Kazuki Yamada Date: Wed, 20 Aug 2025 23:43:36 +0900 Subject: [PATCH 3/7] chore(ci): Remove dependabot.yml as using renovate for dependencies --- .github/dependabot.yml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index aff82a102..000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "weekly" From 4dcdf6b3e88179d9db9c4042a834f495a94fd39f Mon Sep 17 00:00:00 2001 From: Kazuki Yamada Date: Wed, 20 Aug 2025 23:44:25 +0900 Subject: [PATCH 4/7] chore(ci): Enable dependabot security-only updates for npm --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..9afcb2b06 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 0 # Disable version updates + # Only security updates will be created automatically \ No newline at end of file From d50837a6de447b1c922dd8e7e6066d25d03f2bef Mon Sep 17 00:00:00 2001 From: Kazuki Yamada Date: Wed, 20 Aug 2025 23:44:56 +0900 Subject: [PATCH 5/7] chore(ci): Remove dependabot.yml - use GitHub security updates instead --- .github/dependabot.yml | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 9afcb2b06..000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,8 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - open-pull-requests-limit: 0 # Disable version updates - # Only security updates will be created automatically \ No newline at end of file From 8cfc400a9f6b160bc247fbc293410c2c2ebe616f Mon Sep 17 00:00:00 2001 From: Kazuki Yamada Date: Wed, 20 Aug 2025 23:55:39 +0900 Subject: [PATCH 6/7] chore(ci): Update GitHub Actions SHAs to latest versions - Update all workflow files with latest action SHAs using ratchet - Ensure security through SHA pinning while using current versions - Automated update as part of ratchet workflow implementation --- .github/workflows/ci.yml | 36 +++++++++++++-------------- .github/workflows/claude-review.yml | 4 +-- .github/workflows/claude.yml | 4 +-- .github/workflows/codeql.yml | 2 +- .github/workflows/docker.yml | 2 +- .github/workflows/homebrew.yml | 6 ++--- .github/workflows/pack-repository.yml | 4 +-- .github/workflows/ratchet-update.yml | 6 ++--- .github/workflows/ratchet-verify.yml | 2 +- .github/workflows/test-action.yml | 2 +- 10 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f47b75581..3bee9dfdf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions @@ -69,7 +69,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions @@ -86,7 +86,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions @@ -102,7 +102,7 @@ jobs: name: Lint GitHub Actions runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: rhysd/actionlint@4e683ab8014a63fafa117492a0c6053758e6d593 # ratchet:rhysd/actionlint@v1.7.3 with: args: "-color" @@ -111,8 +111,8 @@ jobs: name: Check typos runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - - uses: crate-ci/typos@52bd719c2c91f9d676e2aa359fc8e0db8925e6d8 # ratchet:crate-ci/typos@master + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 + - uses: crate-ci/typos@a4c3e43aea0a9e9b9e6578d2731ebd9a27e8f6cd # ratchet:crate-ci/typos@master test: name: Test @@ -122,7 +122,7 @@ jobs: node-version: [20.x, 21.x, 22.x, 23.x, 24.x] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: @@ -141,7 +141,7 @@ jobs: bun-version: [latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - name: Setup Bun ${{ matrix.bun-version }} uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # ratchet:oven-sh/setup-bun@v2 with: @@ -155,7 +155,7 @@ jobs: name: Test coverage runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions @@ -168,7 +168,7 @@ jobs: with: name: test-coverage path: coverage/ - - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # ratchet:codecov/codecov-action@v5 + - uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # ratchet:codecov/codecov-action@v5 with: fail_ci_if_error: true directory: ./coverage @@ -180,7 +180,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions @@ -200,7 +200,7 @@ jobs: node-version: [20.x, 21.x, 22.x, 23.x, 24.x] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: @@ -227,7 +227,7 @@ jobs: bun-version: [latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - name: Setup Bun ${{ matrix.bun-version }} uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # ratchet:oven-sh/setup-bun@v2 with: @@ -250,14 +250,14 @@ jobs: runs-on: ubuntu-latest if: ${{ github.ref == 'refs/heads/main' }} steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # ratchet:actions/setup-node@v4 with: node-version-file: .tool-versions cache: npm - run: npm ci - run: npm run website-generate-schema - - uses: stefanzweifel/git-auto-commit-action@01d77ca6cb089da1360e540865f7d035c95aa199 # ratchet:stefanzweifel/git-auto-commit-action@v4 + - uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # ratchet:stefanzweifel/git-auto-commit-action@v4 with: commit_message: 'chore(schema): auto generate schema' commit_user_name: "github-actions[bot]" diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index ffa4068cc..9925853d9 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -13,12 +13,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 with: fetch-depth: 1 - name: Auto review PR - uses: anthropics/claude-code-action@02e9ed31816be8cb8d521a26f4ba981e5c89ac5e # ratchet:anthropics/claude-code-action@main + uses: anthropics/claude-code-action@194fca8b05f044ca6678c516c60c73d6b1d6dbae # ratchet:anthropics/claude-code-action@main with: direct_prompt: | Please review this PR. Look at the changes and provide thoughtful feedback on: diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 3ae3fe78b..aee67aa2d 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -25,12 +25,12 @@ jobs: id-token: write steps: - name: Checkout repository - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 with: fetch-depth: 1 - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@02e9ed31816be8cb8d521a26f4ba981e5c89ac5e # ratchet:anthropics/claude-code-action@main + uses: anthropics/claude-code-action@194fca8b05f044ca6678c516c60c73d6b1d6dbae # ratchet:anthropics/claude-code-action@main with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0acfd3e36..77b53b81f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,7 +26,7 @@ jobs: build-mode: none steps: - name: Checkout repository - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6eb03d251..491af93cc 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - name: Docker metadata id: meta diff --git a/.github/workflows/homebrew.yml b/.github/workflows/homebrew.yml index 5a3fb28c1..a3251be4e 100644 --- a/.github/workflows/homebrew.yml +++ b/.github/workflows/homebrew.yml @@ -10,15 +10,15 @@ jobs: runs-on: macos-latest steps: - name: Set up Homebrew - uses: Homebrew/actions/setup-homebrew@b3fb6f7cb1475434d4285b90020c2aa51f1e0b12 # ratchet:Homebrew/actions/setup-homebrew@master + uses: Homebrew/actions/setup-homebrew@87d3af7a72e5ede081b6dafce1798551a74fb366 # ratchet:Homebrew/actions/setup-homebrew@master with: test-bot: false - name: Configure Git user - uses: Homebrew/actions/git-user-config@b3fb6f7cb1475434d4285b90020c2aa51f1e0b12 # ratchet:Homebrew/actions/git-user-config@master + uses: Homebrew/actions/git-user-config@87d3af7a72e5ede081b6dafce1798551a74fb366 # ratchet:Homebrew/actions/git-user-config@master - name: Bump packages - uses: Homebrew/actions/bump-packages@b3fb6f7cb1475434d4285b90020c2aa51f1e0b12 # ratchet:Homebrew/actions/bump-packages@master + uses: Homebrew/actions/bump-packages@87d3af7a72e5ede081b6dafce1798551a74fb366 # ratchet:Homebrew/actions/bump-packages@master with: token: ${{ secrets.COMMITTER_TOKEN }} formulae: repomix diff --git a/.github/workflows/pack-repository.yml b/.github/workflows/pack-repository.yml index 800b364e3..9cfe5edb0 100644 --- a/.github/workflows/pack-repository.yml +++ b/.github/workflows/pack-repository.yml @@ -12,10 +12,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - name: Pack repository with Repomix - uses: yamadashy/repomix/.github/actions/repomix@95b508050cb30d621e609f3b605f389c6851f154 # ratchet:yamadashy/repomix/.github/actions/repomix@main + uses: yamadashy/repomix/.github/actions/repomix@dbf406cd7f1651ec410a722eb9ebf2b1a1255b34 # ratchet:yamadashy/repomix/.github/actions/repomix@main with: output: repomix-output.xml diff --git a/.github/workflows/ratchet-update.yml b/.github/workflows/ratchet-update.yml index 2b4b87c3e..ca1f5714b 100644 --- a/.github/workflows/ratchet-update.yml +++ b/.github/workflows/ratchet-update.yml @@ -11,7 +11,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 with: token: ${{ secrets.GITHUB_TOKEN }} @@ -39,7 +39,7 @@ jobs: - name: Create Pull Request if: steps.changes.outputs.has_changes == 'true' - uses: peter-evans/create-pull-request@70a41aba780001da0a30141984ae2a0c95d8704e # v6 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # ratchet:peter-evans/create-pull-request@v7 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: 'chore(ci): Update pinned GitHub Actions SHAs' @@ -55,4 +55,4 @@ jobs: - [x] Run `npm run test` - [x] Run `npm run lint` branch: chore/update-actions-shas - delete-branch: true \ No newline at end of file + delete-branch: true diff --git a/.github/workflows/ratchet-verify.yml b/.github/workflows/ratchet-verify.yml index 9f438f643..abd0a9a59 100644 --- a/.github/workflows/ratchet-verify.yml +++ b/.github/workflows/ratchet-verify.yml @@ -6,7 +6,7 @@ jobs: ratchet: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # ratchet:actions/setup-go@v5 with: go-version: stable diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 64c592519..eb42f2fe8 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml @@ -21,7 +21,7 @@ jobs: - node-version: 22 test-case: "full" steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # ratchet:actions/checkout@v4 - name: Run Repomix Action (Minimal) if: matrix['test-case'] == 'minimal' From c42aa4fa69879df7e33b14a493d1c970251cddce Mon Sep 17 00:00:00 2001 From: Kazuki Yamada Date: Thu, 21 Aug 2025 00:04:46 +0900 Subject: [PATCH 7/7] fix(ci): Fix shellcheck warnings in ratchet-update workflow --- .github/workflows/ratchet-update.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ratchet-update.yml b/.github/workflows/ratchet-update.yml index ca1f5714b..4719cc8ad 100644 --- a/.github/workflows/ratchet-update.yml +++ b/.github/workflows/ratchet-update.yml @@ -26,15 +26,15 @@ jobs: - name: Update pinned SHAs run: | - ratchet update .github/workflows/*.yml + ratchet update ".github/workflows/"*.yml - name: Check for changes id: changes run: | if git diff --quiet; then - echo "has_changes=false" >> $GITHUB_OUTPUT + echo "has_changes=false" >> "$GITHUB_OUTPUT" else - echo "has_changes=true" >> $GITHUB_OUTPUT + echo "has_changes=true" >> "$GITHUB_OUTPUT" fi - name: Create Pull Request