From fdce1a0fcdbb288374774de15c4bfd6a3b95e2fa Mon Sep 17 00:00:00 2001 From: Stefan Jansen Date: Thu, 30 Apr 2026 11:20:22 -0400 Subject: [PATCH] ci: update GitHub Actions and add Dependabot --- .github/dependabot.yml | 37 +++++++++++++++++++++++++++++++++++ .github/workflows/ci.yml | 18 ++++++++--------- .github/workflows/release.yml | 12 ++++++------ 3 files changed, 52 insertions(+), 15 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..7394a3a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,37 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "06:00" + timezone: "America/New_York" + open-pull-requests-limit: 10 + labels: + - "dependencies" + - "github-actions" + commit-message: + prefix: "ci" + groups: + github-actions: + patterns: + - "*" + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "06:15" + timezone: "America/New_York" + open-pull-requests-limit: 10 + labels: + - "dependencies" + - "python" + commit-message: + prefix: "deps" + groups: + python-dependencies: + patterns: + - "*" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cd9aed9..6b9a11e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,10 +14,10 @@ jobs: name: Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: version: "latest" @@ -37,10 +37,10 @@ jobs: name: Type Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: version: "latest" @@ -62,10 +62,10 @@ jobs: python-version: ["3.12", "3.13"] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: version: "latest" @@ -83,12 +83,12 @@ jobs: runs-on: ubuntu-latest needs: [lint, typecheck, test] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 with: fetch-depth: 0 - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: version: "latest" @@ -99,7 +99,7 @@ jobs: run: uv build - name: Upload build artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7.0.1 with: name: dist path: dist/ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dd3ae72..6faf986 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,12 +12,12 @@ jobs: name: Build Package runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 with: fetch-depth: 0 - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: version: "latest" @@ -28,7 +28,7 @@ jobs: run: uv build - name: Upload build artifacts - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7.0.1 with: name: dist path: dist/ @@ -42,13 +42,13 @@ jobs: id-token: write steps: - name: Download build artifacts - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v8.0.1 with: name: dist path: dist/ - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@v1.14.0 github-release: name: Create GitHub Release @@ -57,7 +57,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Create GitHub Release env: