Merge pull request #10 from trueberryless-org/update-template-files

Author: trueberryless

.github/renovate.json5

@@ -0,0 +1,31 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  extends: [
+    ":disableDependencyDashboard",
+    ":semanticPrefixFixDepsChoreOthers",
+    ":ignoreModulesAndTests",
+    "workarounds:all",
+    "helpers:pinGitHubActionDigestsToSemver",
+    "docker:disable",
+  ],
+  rangeStrategy: "bump",
+  ignorePaths: ["**/node_modules/**"],
+  packageRules: [
+    {
+      groupName: "github-actions",
+      matchManagers: ["github-actions"],
+    },
+    {
+      matchManagers: ["npm"],
+      groupName: "dependencies",
+      matchDepTypes: ["devDependencies", "dependencies", "peerDependencies"],
+      enabled: false,
+    },
+    {
+      description: "Disable package manager version updates",
+      matchPackageNames: ["pnpm"],
+      matchDepTypes: ["packageManager"],
+      enabled: false,
+    },
+  ],
+}

.github/workflows/deployment.yaml

@@ -27,19 +27,19 @@ jobs:
     steps:
       - name: Generate GitHub App token
         id: generate_token
-        uses: tibdex/[email protected]
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         with:
           app_id: ${{ secrets.BOT_APP_ID }}
           private_key: ${{ secrets.BOT_PRIVATE_KEY }}
 
       - name: Checkout Repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup PNPM
-        uses: pnpm/action-setup@v3
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: "pnpm"
@@ -48,23 +48,33 @@ jobs:
         run: pnpm i
 
       - name: Create Release Pull Request
+        uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1.5.3
         id: changesets
-        uses: changesets/action@v1
         with:
-          commit: "[ci] release"
-          title: "[ci] release"
+          version: pnpm run version
+          commit: "ci: release"
+          title: "ci: release [skip netlify]"
         env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token}}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
+      - name: Get published version
+        if: steps.changesets.outputs.hasChangesets == 'true'
+        run: |
+          git checkout changeset-release/main
+          VERSION=$(node -p "require('./app/package.json').version")
+          NAME=$(node -p "require('./app/package.json').name")
+          git commit --amend -m "ci: release $NAME v$VERSION" --no-edit
+          git push origin changeset-release/main:changeset-release/main --force
+
   image-tag:
     name: Image Tag
     runs-on: ubuntu-latest
     outputs:
       IMAGE_TAG: ${{ env.IMAGE_TAG }}
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Read version from package.json
         id: get_version
@@ -79,7 +89,7 @@ jobs:
         needs.changesets.outputs.hasChangesets == 'false' && 
         (
           contains(github.event.head_commit.message, 'deploy') || 
-          contains(github.event.head_commit.message, '[ci] release')
+          contains(github.event.head_commit.message, 'release')
         )
       ) || 
       github.event_name == 'workflow_dispatch'
@@ -88,27 +98,27 @@ jobs:
       contents: write
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_OWNER }}/${{ env.IMAGE_NAME }}
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
         with:
           context: ./app
           push: true
@@ -121,7 +131,7 @@ jobs:
         run: |
           yq eval '.spec.template.spec.containers[0].image = "${{ env.IMAGE_OWNER }}/${{ env.IMAGE_NAME }}:${{ needs.image-tag.outputs.IMAGE_TAG }}"' -i manifest/deployment.yaml
 
-      - uses: stefanzweifel/git-auto-commit-action@v4
+      - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
         with:
           commit_message: update deployment.json container image (automated)
 
@@ -133,10 +143,10 @@ jobs:
       contents: write
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - id: extract-changelog
-        uses: sean0x42/[email protected]
+        uses: sean0x42/markdown-extract@7b185cbe85263116bbf741e739e7198ba86465dc # v2.1.0
         with:
           file: app/CHANGELOG.md
           pattern: ${{ needs.image-tag.outputs.IMAGE_TAG }}
@@ -162,7 +172,7 @@ jobs:
         if: env.RELEASE_SKIPPED == 'false'
         env:
           DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_URL }}
-        uses: Ilshidur/[email protected]
+        uses: Ilshidur/action-discord@0c4b27844ba47cb1c7bee539c8eead5284ce9fa9 # 0.3.2
         with:
           args: |
             # ${{ env.IMAGE_NAME }}@${{ needs.image-tag.outputs.IMAGE_TAG }}

.github/workflows/format.yaml

@@ -10,13 +10,13 @@ jobs:
   autofix:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup PNPM
-        uses: pnpm/action-setup@v3
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: 20
           cache: "pnpm"
@@ -32,6 +32,6 @@ jobs:
       - name: Run pngquant
         run: |
           shopt -s globstar
-          find . -name '*.png' -exec pngquant --ext .png --force 256 {} \;
+          find . -name '*.png' -exec pngquant --ext .png 256 {} \;
 
-      - uses: autofix-ci/action@ff86a557419858bb967097bfc916833f5647fa8c
+      - uses: autofix-ci/action@551dded8c6cc8a1054039c8bc0b8b48c51dfc6ef

.github/workflows/labeler.yaml

@@ -11,12 +11,12 @@ jobs:
     steps:
       - name: Generate GitHub App token
         id: generate_token
-        uses: tibdex/[email protected]
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         with:
           app_id: ${{ secrets.BOT_APP_ID }}
           private_key: ${{ secrets.BOT_PRIVATE_KEY }}
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Ensure labels exist
         env:
           GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
@@ -49,7 +49,7 @@ jobs:
           gh label create "🏯 styles" --description "Stylesheets or design updates" --color "550F5A" --force
           gh label create "🔒 wontfix" --description "This will not be worked on" --color "FFFFFF" --force
 
-      - uses: actions/labeler@v5
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
         with:
           configuration-path: .github/labeler.yaml
           sync-labels: true

.github/workflows/welcome-bot.yaml

@@ -15,19 +15,19 @@ jobs:
     steps:
       - name: Generate GitHub App token
         id: generate_token
-        uses: tibdex/[email protected]
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         with:
           app_id: ${{ secrets.BOT_APP_ID }}
           private_key: ${{ secrets.BOT_PRIVATE_KEY }}
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Convert Repository Name to Title Case
         id: convert_repo_name
         run: |
           REPO_NAME="${{ github.event.repository.name }}"
           TITLE_CASE_REPO_NAME=$(echo "$REPO_NAME" | sed 's/-/ /g' | awk '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2))} 1')
           echo "title_case_repo_name=$TITLE_CASE_REPO_NAME" >> $GITHUB_ENV
-      - uses: zephyrproject-rtos/action-first-interaction@7e6446f8439d8b4399169880c36a3a12b5747699
+      - uses: zephyrproject-rtos/action-first-interaction@58853996b1ac504b8e0f6964301f369d2bb22e5c
         with:
           repo-token: ${{ steps.generate_token.outputs.token }}
           pr-opened-message: |

app/package.json

@@ -2,5 +2,5 @@
   "name": "release-image-generator",
   "version": "0.2.2",
   "private": true,
-  "packageManager": "pnpm@9.6.0"
+  "packageManager": "pnpm@10.10.0"
 }

package.json

@@ -17,5 +17,5 @@
     "@changesets/changelog-github": "^0.5.0",
     "@changesets/cli": "^2.27.11"
   },
-  "packageManager": "pnpm@9.6.0"
+  "packageManager": "pnpm@10.10.0"
 }