diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a45182b..eaf6ad0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,6 +15,14 @@ updates: prefix: "GH Actions:" labels: - "Type: chores/QA" + cooldown: + semver-major-days: 10 + groups: + action-runners: + applies-to: version-updates + update-types: + - "minor" + - "patch" - package-ecosystem: "composer" directory: "/" diff --git a/.github/workflows/label-merge-conflicts.yml b/.github/workflows/label-merge-conflicts.yml index 8752360..1ba9c08 100644 --- a/.github/workflows/label-merge-conflicts.yml +++ b/.github/workflows/label-merge-conflicts.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Check PRs for merge conflicts - uses: eps1lon/actions-label-merge-conflict@v3 + uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3.0.3 with: dirtyLabel: "Status: has merge conflict" repoToken: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index 4dc6409..61b12e9 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml @@ -20,10 +20,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # 2.35.4 with: php-version: 'latest' coverage: none @@ -37,13 +37,13 @@ jobs: # Install dependencies and handle caching in one go. # @link https://github.com/marketplace/actions/install-php-dependencies-with-composer - name: Install Composer dependencies - uses: "ramsey/composer-install@v3" + uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1 with: # Bust the cache at least once a month - output format: YYYY-MM. custom-cache-suffix: $(date -u "+%Y-%m") - name: Validate Project PHPCS ruleset against schema - uses: phpcsstandards/xmllint-validate@v1 + uses: phpcsstandards/xmllint-validate@0fd9c4a9046055f621fca4bbdccb8eab1fd59fdc # v1.0.1 with: pattern: "phpcs.xml.dist" xsd-file: "vendor/squizlabs/php_codesniffer/phpcs.xsd" diff --git a/.github/workflows/update-website.yml b/.github/workflows/update-website.yml index 949fb7a..9edb226 100644 --- a/.github/workflows/update-website.yml +++ b/.github/workflows/update-website.yml @@ -50,12 +50,12 @@ jobs: fi - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ steps.base_branch.outputs.BRANCH }} - name: Install PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # 2.35.4 with: php-version: '8.4' ini-values: error_reporting=-1, display_errors=On, display_startup_errors=On, log_errors_max_len=0 @@ -79,21 +79,21 @@ jobs: # Commit all changed files back to the repository - name: Commit updated files - uses: stefanzweifel/git-auto-commit-action@v6 + uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1 with: commit_message: "Update XSD files" add_options: '-A' - name: Check GitHub Pages status - uses: crazy-max/ghaction-github-status@v4 + uses: crazy-max/ghaction-github-status@fa6ac37620bc5d44b93e15caed498629665e9ff5 # v4.2.0 with: pages_threshold: major_outage - name: Setup Pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - name: Upload static files as artifact - uses: actions/upload-pages-artifact@v4 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 with: # Upload _site directory only. path: _site/ @@ -113,4 +113,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5