diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 0000000..fb706b3 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,31 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + extends: [ + ":disableDependencyDashboard", + ":semanticPrefixFixDepsChoreOthers", + ":ignoreModulesAndTests", + "workarounds:all", + "helpers:pinGitHubActionDigestsToSemver", + "docker:disable", + ], + rangeStrategy: "bump", + ignorePaths: ["**/node_modules/**"], + packageRules: [ + { + groupName: "github-actions", + matchManagers: ["github-actions"], + }, + { + matchManagers: ["npm"], + groupName: "dependencies", + matchDepTypes: ["devDependencies", "dependencies", "peerDependencies"], + enabled: false, + }, + { + description: "Disable package manager version updates", + matchPackageNames: ["pnpm"], + matchDepTypes: ["packageManager"], + enabled: false, + }, + ], +} diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml index 0b56a83..bef8737 100644 --- a/.github/workflows/deployment.yaml +++ b/.github/workflows/deployment.yaml @@ -27,19 +27,19 @@ jobs: steps: - name: Generate GitHub App token id: generate_token - uses: tibdex/github-app-token@v2.1.0 + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 with: app_id: ${{ secrets.BOT_APP_ID }} private_key: ${{ secrets.BOT_PRIVATE_KEY }} - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup PNPM - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: ${{ env.NODE_VERSION }} cache: "pnpm" @@ -48,15 +48,25 @@ jobs: run: pnpm i - name: Create Release Pull Request + uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1.5.3 id: changesets - uses: changesets/action@v1 with: - commit: "[ci] release" - title: "[ci] release" + version: pnpm run version + commit: "ci: release" + title: "ci: release [skip netlify]" env: - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + GITHUB_TOKEN: ${{ steps.generate_token.outputs.token}} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + - name: Get published version + if: steps.changesets.outputs.hasChangesets == 'true' + run: | + git checkout changeset-release/main + VERSION=$(node -p "require('./app/package.json').version") + NAME=$(node -p "require('./app/package.json').name") + git commit --amend -m "ci: release $NAME v$VERSION" --no-edit + git push origin changeset-release/main:changeset-release/main --force + image-tag: name: Image Tag runs-on: ubuntu-latest @@ -64,7 +74,7 @@ jobs: IMAGE_TAG: ${{ env.IMAGE_TAG }} steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Read version from package.json id: get_version @@ -79,7 +89,7 @@ jobs: needs.changesets.outputs.hasChangesets == 'false' && ( contains(github.event.head_commit.message, 'deploy') || - contains(github.event.head_commit.message, '[ci] release') + contains(github.event.head_commit.message, 'release') ) ) || github.event_name == 'workflow_dispatch' @@ -88,27 +98,27 @@ jobs: contents: write steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Log in to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_OWNER }}/${{ env.IMAGE_NAME }} - name: Build and push Docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0 with: context: ./app push: true @@ -121,7 +131,7 @@ jobs: run: | yq eval '.spec.template.spec.containers[0].image = "${{ env.IMAGE_OWNER }}/${{ env.IMAGE_NAME }}:${{ needs.image-tag.outputs.IMAGE_TAG }}"' -i manifest/deployment.yaml - - uses: stefanzweifel/git-auto-commit-action@v4 + - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0 with: commit_message: update deployment.json container image (automated) @@ -133,10 +143,10 @@ jobs: contents: write steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - id: extract-changelog - uses: sean0x42/markdown-extract@v2.1.0 + uses: sean0x42/markdown-extract@7b185cbe85263116bbf741e739e7198ba86465dc # v2.1.0 with: file: app/CHANGELOG.md pattern: ${{ needs.image-tag.outputs.IMAGE_TAG }} @@ -162,7 +172,7 @@ jobs: if: env.RELEASE_SKIPPED == 'false' env: DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_URL }} - uses: Ilshidur/action-discord@0.3.2 + uses: Ilshidur/action-discord@0c4b27844ba47cb1c7bee539c8eead5284ce9fa9 # 0.3.2 with: args: | # ${{ env.IMAGE_NAME }}@${{ needs.image-tag.outputs.IMAGE_TAG }} diff --git a/.github/workflows/format.yaml b/.github/workflows/format.yaml index 1defa5d..00df264 100644 --- a/.github/workflows/format.yaml +++ b/.github/workflows/format.yaml @@ -10,13 +10,13 @@ jobs: autofix: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup PNPM - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 20 cache: "pnpm" @@ -32,6 +32,6 @@ jobs: - name: Run pngquant run: | shopt -s globstar - find . -name '*.png' -exec pngquant --ext .png --force 256 {} \; + find . -name '*.png' -exec pngquant --ext .png 256 {} \; - - uses: autofix-ci/action@ff86a557419858bb967097bfc916833f5647fa8c + - uses: autofix-ci/action@551dded8c6cc8a1054039c8bc0b8b48c51dfc6ef diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 162e678..5de5457 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -11,12 +11,12 @@ jobs: steps: - name: Generate GitHub App token id: generate_token - uses: tibdex/github-app-token@v2.1.0 + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 with: app_id: ${{ secrets.BOT_APP_ID }} private_key: ${{ secrets.BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Ensure labels exist env: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} @@ -49,7 +49,7 @@ jobs: gh label create "🏯 styles" --description "Stylesheets or design updates" --color "550F5A" --force gh label create "🔒 wontfix" --description "This will not be worked on" --color "FFFFFF" --force - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 with: configuration-path: .github/labeler.yaml sync-labels: true diff --git a/.github/workflows/welcome-bot.yaml b/.github/workflows/welcome-bot.yaml index 6bdd228..29942a3 100644 --- a/.github/workflows/welcome-bot.yaml +++ b/.github/workflows/welcome-bot.yaml @@ -15,19 +15,19 @@ jobs: steps: - name: Generate GitHub App token id: generate_token - uses: tibdex/github-app-token@v2.1.0 + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 with: app_id: ${{ secrets.BOT_APP_ID }} private_key: ${{ secrets.BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Convert Repository Name to Title Case id: convert_repo_name run: | REPO_NAME="${{ github.event.repository.name }}" TITLE_CASE_REPO_NAME=$(echo "$REPO_NAME" | sed 's/-/ /g' | awk '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2))} 1') echo "title_case_repo_name=$TITLE_CASE_REPO_NAME" >> $GITHUB_ENV - - uses: zephyrproject-rtos/action-first-interaction@7e6446f8439d8b4399169880c36a3a12b5747699 + - uses: zephyrproject-rtos/action-first-interaction@58853996b1ac504b8e0f6964301f369d2bb22e5c with: repo-token: ${{ steps.generate_token.outputs.token }} pr-opened-message: | diff --git a/app/package.json b/app/package.json index 13856fa..959e769 100644 --- a/app/package.json +++ b/app/package.json @@ -2,5 +2,5 @@ "name": "release-image-generator", "version": "0.2.2", "private": true, - "packageManager": "pnpm@9.6.0" + "packageManager": "pnpm@10.10.0" } diff --git a/package.json b/package.json index 0579d45..6b06dea 100644 --- a/package.json +++ b/package.json @@ -17,5 +17,5 @@ "@changesets/changelog-github": "^0.5.0", "@changesets/cli": "^2.27.11" }, - "packageManager": "pnpm@9.6.0" + "packageManager": "pnpm@10.10.0" }