diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..30dd030d3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# see https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot +# make sure our actions stay up-to-date and we know about any updates. +# most of the time, this happens for major releases. +# (...unless we stop using version tags and switch to hashes...) + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1426a0c6a..a1bd24d45 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -9,6 +9,10 @@ on: pull_request: +permissions: + contents: read + + jobs: # Run 8 parallel jobs for the default build of all examples. @@ -22,15 +26,15 @@ jobs: matrix: chunk: [0, 1, 2, 3, 4, 5, 6, 7] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Cache Linux toolchain id: cache-linux - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ./tools/dist key: ${{ runner.os }}-${{ hashFiles('package/package_esp8266com_index.template.json', 'tests/common.sh') }} @@ -57,15 +61,15 @@ jobs: matrix: chunk: [0, 1, 2, 3, 4, 5, 6, 7] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Cache Linux toolchain id: cache-linux - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ./tools/dist key: ${{ runner.os }}-${{ hashFiles('package/package_esp8266com_index.template.json', 'tests/common.sh') }} @@ -85,15 +89,15 @@ jobs: name: Windows runs-on: windows-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Cache Windows toolchain id: cache-windows - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ./tools/dist key: ${{ runner.os }}-${{ hashFiles('package/package_esp8266com_index.template.json', 'tests/common.sh') }} @@ -120,15 +124,15 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Cache Mac toolchain id: cache-mac - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ./tools/dist key: ${{ runner.os }}-${{ hashFiles('package/package_esp8266com_index.template.json', 'tests/common.sh') }} @@ -152,10 +156,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Build subset on Platform.IO @@ -179,10 +183,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Run host tests @@ -203,10 +207,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Build documentation @@ -230,10 +234,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Style check @@ -264,10 +268,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Mock build @@ -286,15 +290,15 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Cache Linux toolchain id: cache-linux - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ./tools/dist key: ${{ runner.os }}-${{ hashFiles('package/package_esp8266com_index.template.json', 'tests/common.sh') }} @@ -316,7 +320,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true - name: Run codespell diff --git a/.github/workflows/release-to-publish.yml b/.github/workflows/release-to-publish.yml index 8c815e4fd..cdba16b32 100644 --- a/.github/workflows/release-to-publish.yml +++ b/.github/workflows/release-to-publish.yml @@ -28,6 +28,9 @@ on: release: types: [published] +permissions: + contents: read + jobs: package: name: Update master JSON file @@ -36,7 +39,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: false fetch-depth: 0 diff --git a/.github/workflows/tag-to-draft-release.yml b/.github/workflows/tag-to-draft-release.yml index 51240262d..fc87f1ba8 100644 --- a/.github/workflows/tag-to-draft-release.yml +++ b/.github/workflows/tag-to-draft-release.yml @@ -18,11 +18,11 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: submodules: true fetch-depth: 0 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: '3.x' - name: Set GIT tag name