From 6af6e1b4429b5faf5b97c943387af2c7cdbe7c92 Mon Sep 17 00:00:00 2001 From: Florian Stosse Date: Wed, 4 Jun 2025 10:01:43 +0200 Subject: [PATCH] Enable dependabot for GitHub Actions dependencies (#11093) * Pin GitHub Actions versions * Add Dependabot alerts for Actions --- .github/dependabot.yml | 6 ++++++ .github/workflows/build.yml | 4 ++-- .github/workflows/codespell.yml | 4 ++-- .github/workflows/staging.yml | 6 +++--- .github/workflows/transifex.yml | 2 +- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8ee946e28..5092f3cf2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,3 +11,9 @@ updates: - "chore-dependabot" ignore: - dependency-name: "sinon" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + labels: + - "chore-dependabot" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c4b5911e6..c01e772c6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,9 +21,9 @@ jobs: node-version: ['20', '22'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@v4.4.0 with: node-version: ${{ matrix.node-version }} - run: npm clean-install diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 01bb106a7..6a93f71c8 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -11,8 +11,8 @@ jobs: name: Check for spelling errors runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: codespell-project/actions-codespell@v2 + - uses: actions/checkout@v4.2.2 + - uses: codespell-project/actions-codespell@v2.1 with: check_filenames: true skip: ./.git,./data/territory_languages.json,./data/imagery.json,./data/languages.json,./data/address_formats.json,./dist/locales,./docs/img,./dist/img,./css,package.json,package-lock.json,scripts,docs diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 8fd314ccf..bdd10a7c2 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -13,12 +13,12 @@ jobs: runs-on: ubuntu-latest environment: workflows steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v4.2.2 + - uses: actions/setup-node@v4.4.0 with: node-version-file: '.nvmrc' # install and build development version of id-tagging-schema - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 with: repository: openstreetmap/id-tagging-schema path: './id-tagging-schema' diff --git a/.github/workflows/transifex.yml b/.github/workflows/transifex.yml index 202221081..74dba335c 100644 --- a/.github/workflows/transifex.yml +++ b/.github/workflows/transifex.yml @@ -19,7 +19,7 @@ jobs: environment: workflows steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - name: Install Transifex client run: | curl -o- https://raw.githubusercontent.com/transifex/cli/master/install.sh | bash