diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 23c4cb3b5..88459140e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,7 +1,13 @@ --- +# SPDX-License-Identifier: GPL-2.0-or-later + version: 2 updates: - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" + ignore: + - dependency-name: "*" + update-types: + - "version-update:semver-patch" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ac9823e7b..d591b5617 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,11 +19,11 @@ jobs: container: image: ghcr.io/linux-nvme/debian.python:latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: build run: | scripts/build.sh -b ${{ matrix.buildtype }} -c ${{ matrix.compiler }} -x - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 name: upload logs if: failure() with: @@ -40,26 +40,24 @@ jobs: - arch: s390x - arch: ppc64le steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: enable foreign arch - uses: dbhi/qus/action@main + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: compile and run unit tests - uses: mosteo-actions/docker-run@v2 - with: - image: ghcr.io/linux-nvme/ubuntu-cross-${{ matrix.arch }}:latest - guest-dir: /build - host-dir: ${{ github.workspace }} - command: | - scripts/build.sh -b release -c gcc -t ${{ matrix.arch }} cross - params: "--platform linux/amd64" - pull-params: "--platform linux/amd64" - - uses: actions/upload-artifact@v5 + run: | + docker run --rm \ + --platform linux/amd64 \ + -v "${{ github.workspace }}:/build" \ + -w /build \ + ghcr.io/linux-nvme/ubuntu-cross-${{ matrix.arch }}:latest \ + sh -c "git config --global --add safe.directory /build && scripts/build.sh -b release -c gcc -t ${{ matrix.arch }} cross" + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 name: upload logs if: failure() with: @@ -73,11 +71,11 @@ jobs: container: image: ghcr.io/linux-nvme/debian:latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: build run: | scripts/build.sh -b release -c gcc libdbus - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 name: upload logs if: failure() with: @@ -92,11 +90,11 @@ jobs: image: ghcr.io/linux-nvme/debian:latest if: github.ref == 'refs/heads/master' steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: build run: | scripts/build.sh -b release -c gcc fallback - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: failure() with: name: log files @@ -109,7 +107,7 @@ jobs: container: image: ghcr.io/linux-nvme/debian:latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: build run: | scripts/build.sh -m muon diff --git a/.github/workflows/checkpatch.yml b/.github/workflows/checkpatch.yml index 06c60c876..3253f6e83 100644 --- a/.github/workflows/checkpatch.yml +++ b/.github/workflows/checkpatch.yml @@ -7,9 +7,9 @@ jobs: steps: - name: 'Calculate PR commits + 1' run: echo "PR_FETCH_DEPTH=$(( ${{ github.event.pull_request.commits }} + 1 ))" >> $GITHUB_ENV - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - name: Run checkpatch review - uses: webispy/checkpatch-action@v9 + uses: webispy/checkpatch-action@58374fe5bb03358b23d3d6871e2ff290ce77fcd2 # v9 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 4858d498a..3fa611568 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -14,11 +14,11 @@ jobs: container: image: ghcr.io/linux-nvme/debian.python:latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: build run: | scripts/build.sh coverage - - uses: codecov/codecov-action@v5 + - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 73b7ec420..34e6ccf03 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -16,7 +16,7 @@ jobs: container: image: ghcr.io/linux-nvme/debian:latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: build run: | scripts/build.sh docs diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 7ff842c59..d964715a4 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -21,7 +21,7 @@ jobs: container: image: ghcr.io/linux-nvme/debian.python:latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Allow workspace run: | @@ -35,7 +35,7 @@ jobs: run: | pipx run twine check dist/*.tar.gz - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: dist/*.tar.gz retention-days: 5 @@ -49,7 +49,7 @@ jobs: image: ghcr.io/linux-nvme/debian.python:latest steps: - name: Check out repository (with tags) - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Required for `git describe` @@ -79,7 +79,7 @@ jobs: run: | pipx run twine check dist/*.tar.gz - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: test_pypi path: dist/*.tar.gz @@ -95,13 +95,13 @@ jobs: id-token: write if: github.repository == 'linux-nvme/libnvme' steps: - - uses: actions/download-artifact@v6 + - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: test_pypi path: dist - name: Publish package to TestPyPI - uses: pypa/gh-action-pypi-publish@v1.13.0 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: repository-url: https://test.pypi.org/legacy/ @@ -123,12 +123,12 @@ jobs: fi - name: Download artifiact - uses: actions/download-artifact@v6 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 if: steps.check-tag.outputs.match == 'true' with: name: artifact path: dist - name: Publish package to PyPI - uses: pypa/gh-action-pypi-publish@v1.13.0 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 if: steps.check-tag.outputs.match == 'true' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f1e373f73..5ee995107 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,9 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v5 - - uses: ncipollo/release-action@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Create Release + run: | + gh release create "${GITHUB_REF_NAME}" --generate-notes + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}