Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,11 @@ updates:
directory: "/"
schedule:
interval: "monthly"
cooldown:
default-days: 7
groups:
actions:
patterns: ["*"]
update-types:
- "minor"
- "patch"
7 changes: 6 additions & 1 deletion .github/workflows/pre-commit.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,16 @@ name: pre-commit
"on":
pull_request:
push:
branches: [main]
branches: [ main ]

permissions:
contents: read

jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: j178/prek-action@cbc2f23eb5539cf20d82d1aabd0d0ecbcc56f4e3 # v2.0.2
7 changes: 7 additions & 0 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ name: Upload Python Package
release:
types: [ created ]

permissions:
contents: read

jobs:
publish:
runs-on: ubuntu-latest
Expand All @@ -14,6 +17,9 @@ jobs:
id-token: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
Expand All @@ -22,6 +28,7 @@ jobs:
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
activate-environment: "true"
enable-cache: "false"
- name: Install dependencies
run: |
uv sync --all-extras --dev
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/test-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ name: Test Upload Python Package to Test PyPI
push:
branches: [ main ]

permissions:
contents: read

jobs:
publish:
runs-on: ubuntu-latest
Expand All @@ -18,6 +21,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
Expand All @@ -26,6 +30,7 @@ jobs:
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
activate-environment: "true"
enable-cache: "false"
- name: Install dependencies
run: |
uv sync --all-extras --dev
Expand Down
26 changes: 26 additions & 0 deletions .github/workflows/zizmor.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: GitHub Actions Security Analysis with zizmor 🌈

on:
push:
branches: [ "main" ]
pull_request:
branches: [ "**" ]

permissions: {}

jobs:
zizmor:
name: Run zizmor 🌈
runs-on: ubuntu-latest
permissions:
security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files.
contents: read # Only needed for private repos. Needed to clone the repo.
actions: read # Only needed for private repos. Needed for upload-sarif to read workflow run info.
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false

- name: Run zizmor 🌈
uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3