William Woodruff
b1836110f7
chore(ci): address CI lint findings ( #545 )
...
This addresses all of zizmor's non-pedantic findings, and adds a
workflow to proactively flag any more that come in.
Key changes:
* I've hash-pinned all actions references. Dependabot will continue to
keep these updated and will update the hash comments as well.
* I've marked every `actions/checkout` with `persist-credentials: false`
except for one that actually needs persisted credentials (which I've
explicitly enabled with an explanatory comment)
* I've dropped some workflow-level permissions in favor of job-level
permissions that were already provisioned.
* I fixed two small template injections caused by expanding output
contexts. I think these were not exploitable in practice, but fixing
them is good for defense in depth (and makes spellcheck work nicely on
these steps).
---------
Signed-off-by: William Woodruff <william@astral.sh >
2025-09-02 13:29:06 +00:00
Kevin Stillhammer
ced7c1dde4
Run infrastructure workflows on arm runners ( #396 )
...
Use more efficient runners to save resources. Every bit counts.
2025-05-01 20:22:40 +02:00
Kevin Stillhammer
389b596663
Set required workflow permissions ( #329 )
2025-03-18 15:21:29 +01:00
Kevin Stillhammer
04c950a723
Add workflow_dispatch triggers to every workflow ( #326 )
...
Allows for easier testing.
2025-03-18 15:04:58 +01:00
dependabot[bot]
982fbca0f8
Bump release-drafter/release-drafter from 6.0.0 to 6.1.0 ( #249 )
...
Bumps
[release-drafter/release-drafter](https://github.com/release-drafter/release-drafter )
from 6.0.0 to 6.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/release-drafter/release-drafter/releases ">release-drafter/release-drafter's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<h1>What's Changed</h1>
<h2>New</h2>
<ul>
<li>Add config option for PR query limit (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1362 ">#1362</a>)
<a href="https://github.com/ssolbeck "><code>@ssolbeck</code></a></li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix: Correctly mention bot accounts in release notes (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1376 ">#1376</a>)
<a
href="https://github.com/jamietanna "><code>@jamietanna</code></a></li>
<li>Update only drafts with the same prerelease status (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1385 ">#1385</a>)
<a href="https://github.com/jaap3 "><code>@jaap3</code></a></li>
</ul>
<h2>Documentation</h2>
<ul>
<li>docs: Fix Fork Link (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1412 ">#1412</a>)
<a href="https://github.com/Dor-bl "><code>@Dor-bl</code></a></li>
<li>Ensure support new default branch name (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1079 ">#1079</a>)
<a
href="https://github.com/Triloworld "><code>@Triloworld</code></a></li>
<li>update schema generation and update schema to draft 07 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1422 ">#1422</a>)
<a href="https://github.com/jetersen "><code>@jetersen</code></a></li>
<li>fix typo: therelease (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1407 ">#1407</a>)
<a href="https://github.com/billykern "><code>@billykern</code></a></li>
<li>Document added action outputs introduced in <a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1300 ">#1300</a>
(<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1406 ">#1406</a>)
<a href="https://github.com/SVNKoch "><code>@SVNKoch</code></a></li>
<li>Update README.md (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1421 ">#1421</a>)
<a href="https://github.com/yusufraji "><code>@yusufraji</code></a></li>
<li>fix: update broken link in readme (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1416 ">#1416</a>)
<a href="https://github.com/kopach "><code>@kopach</code></a></li>
<li>Update v6 README.md (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1384 ">#1384</a>)
<a href="https://github.com/taku333 "><code>@taku333</code></a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/release-drafter/release-drafter/compare/v6.0.0...v6.1.0 ">https://github.com/release-drafter/release-drafter/compare/v6.0.0...v6.1.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b1476f6e6ed7328d2775https://redirect.github.com/release-drafter/release-drafter/issues/1362 ">#1362</a>)</li>
<li><a
href="5faffa9238https://redirect.github.com/release-drafter/release-drafter/issues/1412 ">#1412</a>)</li>
<li><a
href="a9142316e1https://redirect.github.com/release-drafter/release-drafter/issues/1079 ">#1079</a>)</li>
<li><a
href="d6eceacd0bhttps://redirect.github.com/release-drafter/release-drafter/issues/1376 ">#1376</a>)</li>
<li><a
href="41c11a26b9https://redirect.github.com/release-drafter/release-drafter/issues/1422 ">#1422</a>)</li>
<li><a
href="8296e405c2https://redirect.github.com/release-drafter/release-drafter/issues/1407 ">#1407</a>)</li>
<li><a
href="0ad4f70155https://redirect.github.com/release-drafter/release-drafter/issues/1300 ">#1300</a>
(<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1406 ">#1406</a>)</li>
<li><a
href="378bacb075https://redirect.github.com/release-drafter/release-drafter/issues/1421 ">#1421</a>)</li>
<li><a
href="c139411053https://redirect.github.com/release-drafter/release-drafter/issues/1385 ">#1385</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/release-drafter/release-drafter/compare/v6.0.0...v6.1.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-26 19:43:56 +01:00
Charlie Marsh
0fa3b93f6e
Run Prettier over Markdown and YAML files ( #35 )
...
## Summary
Partly personal preference, but mostly to align with other Astral
projects.
2024-09-04 21:14:10 +00:00
Kevin Stillhammer
18498fc78f
Initial commit
2024-08-23 23:58:26 +02:00
