Skip to content

Commit

Permalink
Bump the actions group in /.github/workflows with 11 updates
Browse files Browse the repository at this point in the history
Bumps the actions group in /.github/workflows with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.2.0` | `4.2.2` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5.2.0` | `5.3.0` |
| [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | `6.1.0` | `6.2.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.4` | `4.4.0` |
| [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.2` |
| [mamba-org/setup-micromamba](https://github.com/mamba-org/setup-micromamba) | `1.10.0` | `2.0.0` |
| [coverallsapp/github-action](https://github.com/coverallsapp/github-action) | `2.3.0` | `2.3.4` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.10.2` | `1.11.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.0` | `4.4.3` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.26.10` | `3.27.0` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.8` | `2.0.9` |


Updates `actions/checkout` from 4.2.0 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@d632683...11bd719)

Updates `actions/setup-python` from 5.2.0 to 5.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@f677139...0b93645)

Updates `crazy-max/ghaction-import-gpg` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](crazy-max/ghaction-import-gpg@01dd5d3...cb9bde2)

Updates `actions/dependency-review-action` from 4.3.4 to 4.4.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@5a2ce3f...4081bf9)

Updates `actions/cache` from 4.0.2 to 4.1.2
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0c45773...6849a64)

Updates `mamba-org/setup-micromamba` from 1.10.0 to 2.0.0
- [Release notes](https://github.com/mamba-org/setup-micromamba/releases)
- [Commits](mamba-org/setup-micromamba@59b1132...617811f)

Updates `coverallsapp/github-action` from 2.3.0 to 2.3.4
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](coverallsapp/github-action@643bc37...cfd0633)

Updates `pypa/gh-action-pypi-publish` from 1.10.2 to 1.11.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@897895f...fb13cb3)

Updates `actions/upload-artifact` from 4.4.0 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@5076954...b4b15b8)

Updates `github/codeql-action` from 3.26.10 to 3.27.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@e2b3eaf...6624720)

Updates `softprops/action-gh-release` from 2.0.8 to 2.0.9
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@c062e08...e7a8f85)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: mamba-org/setup-micromamba
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: coverallsapp/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
  • Loading branch information
dependabot[bot] authored Nov 1, 2024
1 parent adec83e commit 39050e1
Show file tree
Hide file tree
Showing 7 changed files with 25 additions and 25 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/bump-version.yml
Original file line number Diff line number Diff line change
Expand Up @@ -62,15 +62,15 @@ jobs:
app-id: ${{ secrets.OURANOS_HELPER_BOT_ID }}
private-key: ${{ secrets.OURANOS_HELPER_BOT_KEY }}
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
token: ${{ steps.token_generator.outputs.token }}
- name: Set up Python3
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.x"
- name: Import GPG Key
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
with:
gpg_private_key: ${{ secrets.OURANOS_HELPER_BOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.OURANOS_HELPER_BOT_GPG_PRIVATE_KEY_PASSWORD }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cache-cleaner.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
objects.githubusercontent.com:443
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Cleanup
run: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
github.com:443
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Dependency Review
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
16 changes: 8 additions & 8 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,9 @@ jobs:
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python${{ matrix.python-version }}
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
Expand Down Expand Up @@ -68,17 +68,17 @@ jobs:
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python${{ matrix.python-version }}
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install CI libraries
run: |
python -m pip install --require-hashes -r CI/requirements_ci.txt
- name: Environment Caching
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: .tox
key: ${{ matrix.os }}-Python${{ matrix.python-version }}-${{ hashFiles('pyproject.toml', 'tox.ini') }}
Expand Down Expand Up @@ -108,9 +108,9 @@ jobs:
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
uses: mamba-org/setup-micromamba@59b11321ffd9186cd5165633a02c5bba47de6d13 # v1.10.0
uses: mamba-org/setup-micromamba@617811f69075e3fd3ae68ca64220ad065877f246 # v2.0.0
with:
cache-downloads: true
cache-environment: true
Expand Down Expand Up @@ -149,6 +149,6 @@ jobs:
disable-sudo: true
egress-policy: audit
- name: Coveralls Finished
uses: coverallsapp/github-action@643bc377ffa44ace6394b2b5d0d3950076de9f63 # v2.3.0
uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 # v2.3.4
with:
parallel-finished: true
6 changes: 3 additions & 3 deletions .github/workflows/publish-pypi.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@ jobs:
pypi.org:443
upload.pypi.org:443
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python3
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.x"
- name: Install CI libraries
Expand All @@ -40,4 +40,4 @@ jobs:
run: |
python -m flit build
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2
uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0
6 changes: 3 additions & 3 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ jobs:
www.bestpractices.dev:443
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false

Expand All @@ -72,14 +72,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: Upload Artifact
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # 3.26.10
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # 3.27.0
with:
sarif_file: results.sarif
10 changes: 5 additions & 5 deletions .github/workflows/tag-testpypi.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ jobs:
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create Release
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # 2.0.8
uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # 2.0.9
env:
# This token is provided by Actions, you do not need to create your own token
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down Expand Up @@ -52,9 +52,9 @@ jobs:
pypi.org:443
test.pypi.org:443
- name: Checkout Repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Python3
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.x"
- name: Install CI libraries
Expand All @@ -64,7 +64,7 @@ jobs:
run: |
python -m flit build
- name: Publish distribution 📦 to Test PyPI
uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2
uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0
with:
repository-url: https://test.pypi.org/legacy/
skip-existing: true

0 comments on commit 39050e1

Please sign in to comment.