diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b85dc1893..fef2e6da9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,3 +6,5 @@ updates: interval: "weekly" labels: - "dependencies" + cooldown: + default-days: 7 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4150a32a9..e6503ba99 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,12 +15,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: ${{ matrix.node-version }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 919ff766b..99aa1e5e8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -18,18 +18,19 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 with: languages: ${{ matrix.language }} queries: security-and-quality - name: Autobuild CodeQL - uses: github/codeql-action/autobuild@v4 + uses: github/codeql-action/autobuild@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 79df744d4..e73825083 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -7,6 +7,7 @@ jobs: test: name: Test runs-on: ubuntu-latest + environment: code-coverage strategy: fail-fast: false @@ -15,12 +16,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: ${{ matrix.node-version }} @@ -31,7 +33,7 @@ jobs: run: npx gulp unittestcli --coverage - name: Upload results to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true diff --git a/.github/workflows/fluent_linter.yml b/.github/workflows/fluent_linter.yml index 0cc989c9a..f92d1df03 100644 --- a/.github/workflows/fluent_linter.yml +++ b/.github/workflows/fluent_linter.yml @@ -25,10 +25,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Use Python 3.14 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: '3.14' cache: 'pip' diff --git a/.github/workflows/font_tests.yml b/.github/workflows/font_tests.yml index c44422048..1dcecb6e9 100644 --- a/.github/workflows/font_tests.yml +++ b/.github/workflows/font_tests.yml @@ -33,15 +33,17 @@ jobs: os: [windows-latest, ubuntu-latest] runs-on: ${{ matrix.os }} + environment: code-coverage steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: ${{ matrix.node-version }} @@ -49,7 +51,7 @@ jobs: run: npm ci - name: Use Python 3.14 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: '3.14' cache: 'pip' @@ -64,11 +66,11 @@ jobs: run: npx gulp fonttest --headless --coverage --coverage-output build/coverage/font - name: Upload results to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true files: ./build/coverage/font/lcov.info flags: fonttest name: codecov-umbrella - verbose: true \ No newline at end of file + verbose: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d601d40c5..249b6d2bf 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -15,12 +15,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: ${{ matrix.node-version }} diff --git a/.github/workflows/prefs_tests.yml b/.github/workflows/prefs_tests.yml index 2edbf1529..02cce134b 100644 --- a/.github/workflows/prefs_tests.yml +++ b/.github/workflows/prefs_tests.yml @@ -15,12 +15,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: ${{ matrix.node-version }} diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml index ea903e1fb..5fe18a329 100644 --- a/.github/workflows/publish_release.yml +++ b/.github/workflows/publish_release.yml @@ -17,12 +17,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: ${{ matrix.node-version }} registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/publish_website.yml b/.github/workflows/publish_website.yml index dd6640ffd..f8d12822a 100644 --- a/.github/workflows/publish_website.yml +++ b/.github/workflows/publish_website.yml @@ -17,12 +17,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: ${{ matrix.node-version }} @@ -49,7 +50,7 @@ jobs: INPUT_PATH: build/gh-pages - name: Upload the website - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: github-pages path: ${{ runner.temp }}/website.tar @@ -66,4 +67,4 @@ jobs: steps: - name: Deploy the website - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/.github/workflows/types_tests.yml b/.github/workflows/types_tests.yml index d569b1b02..4a2a19fc5 100644 --- a/.github/workflows/types_tests.yml +++ b/.github/workflows/types_tests.yml @@ -15,12 +15,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 + persist-credentials: false - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: ${{ matrix.node-version }} diff --git a/.github/workflows/update_locales.yml b/.github/workflows/update_locales.yml index 36e768354..87a5437cd 100644 --- a/.github/workflows/update_locales.yml +++ b/.github/workflows/update_locales.yml @@ -17,10 +17,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Use Node.js LTS - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: lts/*