mirror of
https://github.com/esp8266/Arduino.git
synced 2025-09-21 02:03:12 +03:00
c12a6b48a2
* github: actions/checkout v2 -> v3 * github: actions/cache v2 -> v3 * github: actions/setup-python v2 -> v4 * github: dependabot for actions * github: 'restricted' mode for token permissions noticed at https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions whenever external action uses our token, overall workflow 'permissions:' apply https://docs.github.com/en/actions/security-guides/automatic-token-authentication https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token ref. apps documentation to understand which permissions API endpoints need https://docs.github.com/en/rest/overview/permissions-required-for-github-apps * missed tag-to-draft action
12 lines
438 B
YAML
12 lines
438 B
YAML
# see https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
|
|
# make sure our actions stay up-to-date and we know about any updates.
|
|
# most of the time, this happens for major releases.
|
|
# (...unless we stop using version tags and switch to hashes...)
|
|
|
|
version: 2
|
|
updates:
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|